4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
Closing of an event channel in the Linux kernel can result in a deadlock.
This happens when the close is being performed in parallel to an unrelated
Xen console action and the handling of a Xen console interrupt in an
unprivileged guest. The closing of an event channel is e.g. triggered by
removal of a paravirtual device on the other side. As this action will
cause console messages to be issued on the other side quite often, the
chance of triggering the deadlock is not neglectable. Note that 32-bit
Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn’t use
queued-RW-locks, which are required to trigger the issue (on Arm32 a
waiting writer doesn’t block further readers to get the lock).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-171.189 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-94.104 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-17.17 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1118.128 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1053.58 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < 6.5.0-1013.13 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1053.58~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1118.128~18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1123.130 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1056.64 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-34324
nvd.nist.gov/vuln/detail/CVE-2023-34324
security-tracker.debian.org/tracker/CVE-2023-34324
ubuntu.com/security/notices/USN-6461-1
ubuntu.com/security/notices/USN-6624-1
ubuntu.com/security/notices/USN-6625-1
ubuntu.com/security/notices/USN-6625-2
ubuntu.com/security/notices/USN-6625-3
ubuntu.com/security/notices/USN-6626-1
ubuntu.com/security/notices/USN-6626-2
ubuntu.com/security/notices/USN-6626-3
ubuntu.com/security/notices/USN-6628-1
ubuntu.com/security/notices/USN-6628-2
ubuntu.com/security/notices/USN-6652-1
www.cve.org/CVERecord?id=CVE-2023-34324
xenbits.xen.org/xsa/advisory-441.html
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%