2243164 – (CVE-2023-34324) CVE-2023-34324 xen: possible deadlock in Linux kernel event handling

Bug 2243164 (CVE-2023-34324) - CVE-2023-34324 xen: possible deadlock in Linux kernel event handling

Summary: CVE-2023-34324 xen: possible deadlock in Linux kernel event handling

Keywords:
Status:	NEW
Alias:	CVE-2023-34324
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2243165
Blocks:
TreeView+	depends on / blocked

Reported:	2023-10-11 04:48 UTC by Marian Rehak
Modified:	2023-10-12 16:49 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2023-10-11 04:48:59 UTC

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable.
A (malicious) guest administrator could cause a denial of service (DoS) in a backend domain (other than dom0) by disabling a paravirtualized device. A malicious backend could cause DoS in a guest running a Linux kernel by disabling a paravirtualized device.

Comment 1 Marian Rehak 2023-10-11 04:49:12 UTC

Created xen tracking bugs for this issue:

Affects: fedora-all [bug 2243165]

Comment 2 Justin M. Forbes 2023-10-12 16:49:25 UTC

This is fixed in the 6.5.7 stable kernel updates.

Note You need to log in before you can comment on or make changes to this bug.