CVE-2023-34328

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 5, 2024
Updated: Jan 11, 2024

Summary

CVE-2023-34328 is a denial-of-service vulnerability in Xen on AMD CPUs, which have had debugging extensions since 2014. Xen supports guests using these extensions but contains errors in its handling of the guest state. Specifically, a PV vCPU can place a breakpoint over the live GDT, which allows it to exploit XSA-156/CVE-2015-8104 and lock up the CPU entirely. Separately, the related CVE-2023-34327 allows an HVM vCPU to end up operating in the context of a previous vCPU's debug mask state.
