CVE-2023-34325: Out-of-bounds Write in XEN

Severity
7.8 HIGH (NVD)
EPSS
0.1%
top 78.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jan 5

Description

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a privileged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. Aft

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

debian: debian/xen < xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 (bookworm)
Alpine: xen/xen < 4.15.5-r3+8
Debian: xen/xen < 4.17.2+76-ge1f9cb16e2-1~deb12u1+2

Patches

Vulnerability Details

3
OSV
CVE-2023-34325: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE (2024-01-05)
GHSA
GHSA-gwmw-qvr5-88j2: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE (2024-01-05)
OSV
CVE-2023-34325: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE (2024-01-05)

Vendor Advisories

1
Debian
CVE-2023-34325: xen - [This CNA information record relates to multiple CVEs; the text explains which a... (2023)