CVE-2023-34322 top-level shadow reference dropped too early for 64-bit PV guests

2024-01-0516:18:01

XEN

www.cve.org

cve-2023-34322

top-level shadow

64-bit pv guests

shadow paging

xen

page tables

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

For migration as well as to work around kernels unaware of L1TF (see
XSA-273), PV guests may be run in shadow paging mode. Since Xen itself
needs to be mapped when PV guests run, Xen and shadowed PV guests run
directly the respective shadow page tables. For 64-bit PV guests this
means running on the shadow of the guest root page table.

In the course of dealing with shortage of memory in the shadow pool
associated with a domain, shadows of page tables may be torn down. This
tearing down may include the shadow root page table that the CPU in
question is presently running on. While a precaution exists to
supposedly prevent the tearing down of the underlying live page table,
the time window covered by that precaution isn’t large enough.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Xen",
    "vendor": "Xen",
    "versions": [
      {
        "status": "unknown",
        "version": "consult Xen advisory XSA-438"
      }
    ]
  }
]