CVE-2023-34323NULL Pointer Dereference in XEN

CWE-476NULL Pointer Dereference5 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 75.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENDebian XEN
Timeline
PublishedJan 5

Description

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to C Xenstored crash when tools are built without -DNDEBUG (this is the default).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDxen/xen< 4.17.0
debiandebian/xen< xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 (bookworm)
Alpinexen/xen< 4.15.5-r3+8
Debianxen/xen< 4.17.2+76-ge1f9cb16e2-1~deb12u1+2

Patches

Patch: xenbits.xenproject.orgPatch: xenbits.xenproject.org

🔴Vulnerability Details

3
OSV
CVE-2023-34323: When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes2024-01-05
OSV
CVE-2023-34323: When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes2024-01-05
GHSA
GHSA-85fq-cwc3-mp4q: When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes2024-01-05

📋Vendor Advisories

1
Debian
CVE-2023-34323: xen - When a transaction is committed, C Xenstored will first check the quota is corre...2023