Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2023-34324: Xen: Multiple Vulnerabilities

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Gentoo Linux: CVE-2023-34324: Xen: Multiple Vulnerabilities

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
01/05/2024
Created
09/24/2024
Added
09/23/2024
Modified
09/23/2024

Description

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock).

Solution(s)

  • gentoo-linux-upgrade-app-emulation-xen

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;