// For flags

CVE-2023-34320

arm: Guests can trigger a deadlock on Cortex-A77

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412
where software, under certain circumstances, could deadlock a core
due to the execution of either a load to device or non-cacheable memory,
and either a store exclusive or register read of the Physical
Address Register (PAR_EL1) in close proximity.

Los núcleos Cortex-A77 (r0p0 y r1p0) se ven afectados por la errata 1508412 donde el software, bajo ciertas circunstancias, podría bloquear un núcleo debido a la ejecución de una carga en el dispositivo o de una memoria no almacenable en caché, y una lectura exclusiva de la tienda o del registro de el Registro de Direcciones Físicas (PAR_EL1) muy cerca.

Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity.

Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.17.4 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-06-01 CVE Reserved
  • 2023-12-08 CVE Published
  • 2024-08-02 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-667: Improper Locking
CAPEC
References (1)
URL Tag Source
https://xenbits.xenproject.org/xsa/advisory-436.html Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Arm
Search vendor "Arm"
 Cortex-a77 Firmware
Search vendor "Arm" for product "Cortex-a77 Firmware"
 r0p0
Search vendor "Arm" for product "Cortex-a77 Firmware" and version "r0p0"
-
Affected
in Arm
Search vendor "Arm"
 Cortex-a77
Search vendor "Arm" for product "Cortex-a77"
--
Safe
Arm
Search vendor "Arm"
 Cortex-a77 Firmware
Search vendor "Arm" for product "Cortex-a77 Firmware"
 r1p0
Search vendor "Arm" for product "Cortex-a77 Firmware" and version "r1p0"
-
Affected
in Arm
Search vendor "Arm"
 Cortex-a77
Search vendor "Arm" for product "Cortex-a77"
--
Safe
Xen
Search vendor "Xen"
 Xen
Search vendor "Xen" for product "Xen"
*-
Affected