nvd-json-data-feeds/CVE-2023/CVE-2023-343xx/CVE-2023-34324.json

{
  "id": "CVE-2023-34324",
  "sourceIdentifier": "security@xen.org",
  "published": "2024-01-05T17:15:08.540",
  "lastModified": "2025-02-13T17:16:35.600",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Closing of an event channel in the Linux kernel can result in a deadlock.\nThis happens when the close is being performed in parallel to an unrelated\nXen console action and the handling of a Xen console interrupt in an\nunprivileged guest.\n\nThe closing of an event channel is e.g. triggered by removal of a\nparavirtual device on the other side. As this action will cause console\nmessages to be issued on the other side quite often, the chance of\ntriggering the deadlock is not neglectable.\n\nNote that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel\non Arm doesn't use queued-RW-locks, which are required to trigger the\nissue (on Arm32 a waiting writer doesn't block further readers to get\nthe lock)."
    },
    {
      "lang": "es",
      "value": "El cierre de un canal de eventos en el kernel de Linux puede provocar un punto muerto. Esto sucede cuando el cierre se realiza en paralelo a una acci\u00f3n de la consola Xen no relacionada y al manejo de una interrupci\u00f3n de la consola Xen en un invitado sin privilegios. El cierre de un canal de eventos se desencadena, por ejemplo, al retirar un dispositivo paravirtual del otro lado. Como esta acci\u00f3n har\u00e1 que se emitan mensajes de la consola en el otro lado con bastante frecuencia, la posibilidad de desencadenar el punto muerto no es despreciable. Tenga en cuenta que los invitados de Arm de 32 bits no se ven afectados, ya que el kernel de Linux de 32 bits en Arm no utiliza bloqueos de RW en cola, que son necesarios para desencadenar el problema (en Arm32, un escritor en espera no bloquea m\u00e1s lectores para conseguir el candado)."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "5.10",
              "matchCriteriaId": "D61CA62B-157A-4415-B8FD-7C3C1208315D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
      "source": "security@xen.org"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html",
      "source": "security@xen.org"
    },
    {
      "url": "https://xenbits.xenproject.org/xsa/advisory-441.html",
      "source": "security@xen.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://xenbits.xenproject.org/xsa/advisory-441.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}