Detections
Analytics
Xen: x86/AMD: Debug Mask handling (XSA-444)
medium Nessus Plugin ID 182973
Language:
Synopsis
The remote Xen hypervisor installation is missing a security update.Description
AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions.Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service.
- CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state.
- CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.
This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.
For CVE-2023-34327, any guest (PV or HVM) using Debug Masks normally for it's own purposes can cause incorrect behaviour in an unrelated HVM vCPU, most likely resulting in a guest crash.
For CVE-2023-34328, a buggy or malicious PV guest kernel can lock up the host.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate patch according to the vendor advisory.See Also
Plugin Details
Severity: Medium
ID: 182973
File Name: xen_server_XSA-444.nasl
Version: 1.6
Type: local
Family: Misc.
Published: 10/12/2023
Updated: 1/15/2024
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C
CVSS Score Source: CVE-2023-34328
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:xen:xen
Required KB Items: Settings/ParanoidReport, installed_sw/Xen Hypervisor
Exploit Ease: No known exploits are available
Patch Publication Date: 10/10/2023
Vulnerability Publication Date: 10/10/2023
Reference Information
CVE: CVE-2023-34327, CVE-2023-34328
IAVB: 2023-B-0081-S