CVE-2023-34322Improper Check for Dropped Privileges in XEN

CWE-273Improper Check for Dropped Privileges5 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 81.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENDebian XEN
Timeline
PublishedJan 5

Description

For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may incl

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDxen/xen3.2.04.15.0
debiandebian/xen< xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 (bookworm)
Alpinexen/xen< 4.15.5-r1+8
Debianxen/xen< 4.17.2+76-ge1f9cb16e2-1~deb12u1+2

🔴Vulnerability Details

3
OSV
CVE-2023-34322: For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode2024-01-05
GHSA
GHSA-3qxp-p56x-r4h3: For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode2024-01-05
OSV
CVE-2023-34322: For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode2024-01-05

📋Vendor Advisories

1
Debian
CVE-2023-34322: xen - For migration as well as to work around kernels unaware of L1TF (see XSA-273), P...2023