Executive Summary

Informations
Name CVE-2023-34328 First vendor Publication 2024-01-05
Vendor Cve Last vendor Modification 2024-01-11

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]

AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions.

Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service.

1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of
a previous vCPUs debug mask state.

2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.
This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock
up the CPU entirely.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34328

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 17
Os 158

Sources (Detail)

https://xenbits.xenproject.org/xsa/advisory-444.html
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2024-01-11 21:27:33
  • Multiple Updates
2024-01-05 21:27:25
  • First insertion