CVE-2023-34324
Possible deadlock in Linux kernel event handling
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Closing of an event channel in the Linux kernel can result in a deadlock.
This happens when the close is being performed in parallel to an unrelated
Xen console action and the handling of a Xen console interrupt in an
unprivileged guest.
The closing of an event channel is e.g. triggered by removal of a
paravirtual device on the other side. As this action will cause console
messages to be issued on the other side quite often, the chance of
triggering the deadlock is not neglectable.
Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel
on Arm doesn't use queued-RW-locks, which are required to trigger the
issue (on Arm32 a waiting writer doesn't block further readers to get
the lock).
El cierre de un canal de eventos en el kernel de Linux puede provocar un punto muerto. Esto sucede cuando el cierre se realiza en paralelo a una acción de la consola Xen no relacionada y al manejo de una interrupción de la consola Xen en un invitado sin privilegios. El cierre de un canal de eventos se desencadena, por ejemplo, al retirar un dispositivo paravirtual del otro lado. Como esta acción hará que se emitan mensajes de la consola en el otro lado con bastante frecuencia, la posibilidad de desencadenar el punto muerto no es despreciable. Tenga en cuenta que los invitados de Arm de 32 bits no se ven afectados, ya que el kernel de Linux de 32 bits en Arm no utiliza bloqueos de RW en cola, que son necesarios para desencadenar el problema (en Arm32, un escritor en espera no bloquea más lectores para conseguir el candado).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-06-01 CVE Reserved
- 2023-11-13 CVE Published
- 2024-01-17 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html | ||
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://xenbits.xenproject.org/xsa/advisory-441.html | 2024-01-11 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.10 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10" | - |
Affected
| ||||||
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
|