CVE-2023-34327

Summary

CVE-2023-34327 refers to a vulnerability in AMD CPUs and Xen, affecting hardware virtual machines (HVM) since 2014. The issue lies in Xen's handling of guest state, resulting in denial-of-service (DoS) attacks. Specifically, an HVM virtual central processing unit (vCPU) may inadvertently adopt an older vCPU's debug mask state, leading to potential security risks. Meanwhile, CVE-2023-34328 pertains to a separate DoS vulnerability in Xen affecting PV vCPUs. This issue enables a PV vCPU to place a breakpoint over the live global descriptor table (GDT), allowing it to replicate the exploitation of XSA-156 and CVE-2015-8104, resulting in a complete CPU lockup.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.