SB2023101154 - Multiple vulnerabilities in Xen
Published: October 11, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) State Issues (CVE-ID: CVE-2023-34328)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of guest state in PV vCPU. A malicious guest place a breakpoint over the live GDT and perform a denial of service (DoS) attack against the host.2) State Issues (CVE-ID: CVE-2023-34327)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of guest state when using Debug Masks in HVM vCPU. A malicious guest can perform a denial of service (DoS) attack against the guest OS.
3) Deadlock (CVE-ID: CVE-2023-34324)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).
4) Reachable Assertion (CVE-ID: CVE-2023-34323)
The vulnerability allows a remote guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling negative quota values in C Xenstored. A malicious guest can craft a transaction that forces C Xenstored to check quota value and perform a denial of service attack.
5) Stack-based buffer overflow (CVE-ID: CVE-2023-34325)
The vulnerability allows a remote guest to escalate privileges on the system.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34326)
The vulnerability allows a remote guest to escalate privileges on the system.
The vulnerability exists due to missing IOMMU TLB flushing on x86/AMD systems. A malicious guest can access memory not owned by the guest and escalate privileges on the system.
Remediation
Install update from vendor's website.