CVE-2023-34328
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Jan 5, 2024
Updated: Jan 11, 2024
Summary
CVE-2023-34328 is a denial-of-service vulnerability in Xen on AMD CPUs, which have had debugging extensions since 2014. Xen supports guests using these extensions but contains errors in its handling of guest state. Specifically, a PV vCPU can place a breakpoint over the live GDT, enabling it to exploit XSA-156/CVE-2015-8104 and lock up the CPU entirely. Separately, CVE-2023-34327 allows an HVM vCPU to operate in the context of a previous vCPU's debug mask state.
Affected Products
- Xen
Affected Vendors
- Xen