CVE-2023-34327 - Vulnerability Details - OpenCVE

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Xen	Xen

Configuration 1 [-]

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://xenbits.xenproject.org/xsa/advisory-444.html

History

Wed, 04 Jun 2025 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: XEN

Published: 2024-01-05T16:34:10.958Z

Updated: 2025-06-03T14:41:12.985Z

Reserved: 2023-06-01T10:44:17.066Z

Link: CVE-2023-34327

Vulnrichment

Updated: 2024-08-02T16:10:06.637Z

NVD

Status : Modified

Published: 2024-01-05T17:15:08.683

Modified: 2025-06-03T15:15:33.647

Link: CVE-2023-34327

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34327", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "state": "PUBLISHED", "assignerShortName": "XEN", "dateReserved": "2023-06-01T10:44:17.066Z", "datePublished": "2024-01-05T16:34:10.958Z", "dateUpdated": "2025-06-03T14:41:12.985Z"}, "containers": {"cna": {"title": "x86/AMD: Debug Mask handling", "datePublic": "2023-10-10T12:00:00.000Z", "descriptions": [{"lang": "en", "value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "For CVE-2023-34327, any guest (PV or HVM) using Debug Masks normally for\nit's own purposes can cause incorrect behaviour in an unrelated HVM\nvCPU, most likely resulting in a guest crash.\n\nFor CVE-2023-34328, a buggy or malicious PV guest kernel can lock up the\nhost.\n"}]}], "affected": [{"defaultStatus": "unknown", "product": "Xen", "vendor": "Xen", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-444"}]}], "configurations": [{"lang": "en", "value": "Only AMD/Hygon hardware supporting the DBEXT feature are vulnerable.\nThis is believed to be the Steamroller microarchitecture and later.\n\nFor CVE-2023-34327, Xen versions 4.5 and later are vulnerable.\n\nFor CVE-2023-34328, Xen version between 4.5 and 4.13 are vulnerable.\nThe issue is benign in Xen 4.14 and later owing to an unrelated change.\n"}], "workarounds": [{"lang": "en", "value": "For CVE-2023-34327, HVM VMs which can see the DBEXT feature are not\nsusceptible to running in the wrong state. By default, VMs will see the\nDBEXT feature on capable hardware, and when not explicitly levelled for\nmigration compatibility.\n\nFor CVE-2023-34328, PV VMs which cannot see the DBEXT feature cannot\nleverage the vulnerability.\n"}], "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered by Andrew Cooper of XenServer.\n"}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-444.html"}], "providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2024-01-05T16:34:10.958Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:10:06.637Z"}, "title": "CVE Program Container", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-444.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T17:36:52.379735Z", "id": "CVE-2023-34327", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T14:41:12.985Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-444.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:10:06.637Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-34327", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-08T17:36:52.379735Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T17:36:53.991Z"}}], "cna": {"title": "x86/AMD: Debug Mask handling", "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered by Andrew Cooper of XenServer.\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "For CVE-2023-34327, any guest (PV or HVM) using Debug Masks normally for\nit's own purposes can cause incorrect behaviour in an unrelated HVM\nvCPU, most likely resulting in a guest crash.\n\nFor CVE-2023-34328, a buggy or malicious PV guest kernel can lock up the\nhost.\n"}]}], "affected": [{"vendor": "Xen", "product": "Xen", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-444"}], "defaultStatus": "unknown"}], "datePublic": "2023-10-10T12:00:00.000Z", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-444.html"}], "workarounds": [{"lang": "en", "value": "For CVE-2023-34327, HVM VMs which can see the DBEXT feature are not\nsusceptible to running in the wrong state. By default, VMs will see the\nDBEXT feature on capable hardware, and when not explicitly levelled for\nmigration compatibility.\n\nFor CVE-2023-34328, PV VMs which cannot see the DBEXT feature cannot\nleverage the vulnerability.\n"}], "descriptions": [{"lang": "en", "value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n"}], "configurations": [{"lang": "en", "value": "Only AMD/Hygon hardware supporting the DBEXT feature are vulnerable.\nThis is believed to be the Steamroller microarchitecture and later.\n\nFor CVE-2023-34327, Xen versions 4.5 and later are vulnerable.\n\nFor CVE-2023-34328, Xen version between 4.5 and 4.13 are vulnerable.\nThe issue is benign in Xen 4.14 and later owing to an unrelated change.\n"}], "providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2024-01-05T16:34:10.958Z"}}}, "cveMetadata": {"cveId": "CVE-2023-34327", "state": "PUBLISHED", "dateUpdated": "2025-06-03T14:41:12.985Z", "dateReserved": "2023-06-01T10:44:17.066Z", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "datePublished": "2024-01-05T16:34:10.958Z", "assignerShortName": "XEN"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EB1D53B-D24B-44D3-BB44-3734EF08801F", "versionStartIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n"}, {"lang": "es", "value": "[Este registro de informaci\u00f3n de la CNA se relaciona con m\u00faltiples CVE; el texto explica qu\u00e9 aspectos/vulnerabilidades corresponden a cada CVE.] Las CPU AMD desde ~2014 tienen extensiones a la funcionalidad de depuraci\u00f3n x86 normal. Xen admite invitados que utilizan estas extensiones. Desafortunadamente, hay errores en el manejo del estado invitado por parte de Xen, lo que lleva a denegaciones de servicio. 1) CVE-2023-34327: una vCPU HVM puede terminar funcionando en el contexto de un estado de m\u00e1scara de depuraci\u00f3n de vCPU anterior. 2) CVE-2023-34328: una vCPU PV puede colocar un punto de interrupci\u00f3n sobre la GDT en vivo. Esto permite que PV vCPU aproveche XSA-156/CVE-2015-8104 y bloquee la CPU por completo."}], "id": "CVE-2023-34327", "lastModified": "2025-06-03T15:15:33.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-05T17:15:08.683", "references": [{"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-444.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-444.html"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}