CVE-2023-34320
arm: Guests can trigger a deadlock on Cortex-A77
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412
where software, under certain circumstances, could deadlock a core
due to the execution of either a load to device or non-cacheable memory,
and either a store exclusive or register read of the Physical
Address Register (PAR_EL1) in close proximity.
Los núcleos Cortex-A77 (r0p0 y r1p0) se ven afectados por la errata 1508412 donde el software, bajo ciertas circunstancias, podría bloquear un núcleo debido a la ejecución de una carga en el dispositivo o de una memoria no almacenable en caché, y una lectura exclusiva de la tienda o del registro de el Registro de Direcciones Físicas (PAR_EL1) muy cerca.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-01 CVE Reserved
- 2023-12-08 CVE Published
- 2023-12-14 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-667: Improper Locking
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://xenbits.xenproject.org/xsa/advisory-436.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Arm Search vendor "Arm" | Cortex-a77 Firmware Search vendor "Arm" for product "Cortex-a77 Firmware" | r0p0 Search vendor "Arm" for product "Cortex-a77 Firmware" and version "r0p0" | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a77 Search vendor "Arm" for product "Cortex-a77" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a77 Firmware Search vendor "Arm" for product "Cortex-a77 Firmware" | r1p0 Search vendor "Arm" for product "Cortex-a77 Firmware" and version "r1p0" | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a77 Search vendor "Arm" for product "Cortex-a77" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | * | - |
Affected
| ||||||