CVE-2023-34324

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published: Jan 5, 2024
Updated: Jan 11, 2024
CWE ID 400

Summary

CVE-2023-34324 is a vulnerability in the Linux kernel that can lead to a deadlock when an event channel is being closed in parallel with an unrelated Xen console action. This issue arises when handling a Xen console interrupt in an unprivileged guest. The vulnerability is significant because the closing of an event channel, often triggered by the removal of a paravirtual device, can cause console messages to be issued on the other side, increasing the likelihood of the deadlock occurring. Notably, this vulnerability affects 64-bit Linux kernels on Arm architecture and not their 32-bit counterparts, as the 32-bit Linux kernel on Arm does not use queued-RW-locks, a requirement for triggering the issue.
