CVE-2023-34320 — Improper Locking in ARM Cortex-a77 Firmware

CWE-667 — Improper Locking5 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 71.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN ARM Cortex-a77 Firmware

Timeline

PublishedDec 8

Description

Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDarm/cortex-a77_firmwarer0p0, r1p0+1

▶debiandebian/xen< xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 (bookworm)

▶Alpinexen/xen< 4.15.4-r3+8

▶Debianxen/xen< 4.17.2+76-ge1f9cb16e2-1~deb12u1+2

🔴Vulnerability Details

OSV

CVE-2023-34320: Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the executi↗2023-12-08

▶

GHSA

GHSA-75hw-9685-7hff: Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the executi↗2023-12-08

▶

OSV

CVE-2023-34320: Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the executi↗2023-12-08

▶

📋Vendor Advisories

Debian

CVE-2023-34320: xen - Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software,...↗2023

▶