Published: 05/01/2024 Updated: 11/01/2024

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 0

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen

Description of Problem Several issues have been discovered that affect Citrix Hypervisor 82 CU1 LTSR and may allow malicious privileged code in a guest VM to:i)  Compromise an AMD-based host via a passed through PCI device: CVE-2023-34326ii)  Compromise the host when a specific administrative action is taken (see Mitigating Factors below ...

NVD-CWE-noinfo https://xenbits.xenproject.org/xsa/advisory-444.html https://nvd.nist.gov https://support.citrix.com/article/CTX575089

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-34327

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect