CVE-2023-34327

x86/AMD: Debug Mask handling

Description

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]

AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service.

1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state.

2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.

Remediation

Workaround:

  • For CVE-2023-34327, HVM VMs which can see the DBEXT feature are not susceptible to running in the wrong state. By default, VMs will see the DBEXT feature on capable hardware, and when not explicitly levelled for migration compatibility.
  • For CVE-2023-34328, PV VMs which cannot see the DBEXT feature cannot leverage the vulnerability.

CVSS 3.1: 5.5 (Severity: Medium)
EPSS: 0.07%
Vendor Advisory: xenproject.org
Affected: Xen Xen

Frequently Asked Questions

What is the severity of CVE-2023-34327?
CVE-2023-34327 has been scored as a medium severity vulnerability.
How to fix CVE-2023-34327?
The listed workaround for CVE-2023-34327: HVM VMs which can see the DBEXT feature are not susceptible to running in the wrong state. By default, VMs will see the DBEXT feature on capable hardware, and when not explicitly levelled for migration compatibility. For the related CVE-2023-34328, PV VMs which cannot see the DBEXT feature cannot leverage the vulnerability.
Is CVE-2023-34327 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2023-34327 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-34327?
CVE-2023-34327 affects Xen Xen.