CVE-2023-34322

top-level shadow reference dropped too early for 64-bit PV guests

Description

For migration, as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped while PV guests run, Xen and shadowed PV guests run directly on the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with a shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists that is supposed to prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough.

Remediation

Workaround:

  • Running only HVM or PVH guests will avoid the vulnerability. Running PV guests in the PV shim will also avoid the vulnerability.

Scoring

CVSS 3.1 base score: 7.8 (Severity: High)
EPSS: 0.05%
Vendor advisory: xenproject.org
Affected: Xen Xen

Frequently Asked Questions

What is the severity of CVE-2023-34322?
CVE-2023-34322 has been scored as a high severity vulnerability.
How to fix CVE-2023-34322?
As a workaround for remediating CVE-2023-34322: Running only HVM or PVH guests will avoid the vulnerability. Running PV guests in the PV shim will also avoid the vulnerability.
Is CVE-2023-34322 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2023-34322 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-34322?
CVE-2023-34322 affects Xen Xen.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.