Home > Vulnerability Database > CVE-2023-34324

Mend.io Vulnerability Database

CVE-2023-34324

Good to know:

Date: January 5, 2024

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock).

Language: C

Severity Score

4.9

Related Resources (5)

Url: https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-34324

Url: https://xenbits.xenproject.org/xsa/advisory-441.html

Url: https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html

Url: https://www.mend.io/vulnerability-database/CVE-2023-34324

Severity Score

4.9

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version v4.14.327,v4.19.296,v5.4.258,v5.10.198,v5.15.135,v6.1.57,v6.5.7,v6.6-rc6

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-34324

Good to know:

Date: January 5, 2024

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?