Gentoo update for Xen
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 20 |
| CVE-ID | CVE-2022-42336 CVE-2023-28746 CVE-2023-34319 CVE-2023-34320 CVE-2023-34321 CVE-2023-34322 CVE-2023-34323 CVE-2023-34324 CVE-2023-34325 CVE-2023-34327 CVE-2023-34328 CVE-2023-46835 CVE-2023-46836 CVE-2023-46837 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 CVE-2024-31142 |
| CWE-ID | CWE-190 CWE-200 CWE-119 CWE-833 CWE-399 CWE-617 CWE-121 CWE-371 CWE-264 CWE-254 CWE-20 CWE-362 CWE-843 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system app-emulation/xen Operating systems & Components / Operating system package or component |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU77522
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42336
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote guest to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in SSBD imlementation. A remote guest can mislead other guests into observing SSBD active when it is not.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU87457
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28746
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors. A local user can gain access to sensitive information.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU79260
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34319
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in netback when processing certain packets. A malicious guest can send specially crafted packets to the backend, trigger memory corruption and crash the hypervisor.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Deadlock
EUVDB-ID: #VU79040
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34320
CWE-ID:
CWE-833 - Deadlock
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a coding error in code for Cortex-A77 cores (r0p0 and r1p0). A malicious guest can trigger a deadlock and perform a denial of service (DoS) attack.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU80470
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34321
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to gain access to potentially sensitive information.
The vulnerability exists due to an error when cleaning cache on arm32 systems. A malicious guest can read sensitive data from memory of another guest.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU80924
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34322
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improper management of internal resources when running PV guests in shadow paging mode. A malicious guest can run a specially crafted application on the system that causes shortage of memory in the associated with the domain shadow pool and forces Xen to tear down page tables. This can result in memory leak, denial of service or privilege escalation.
The vulnerability can be exploited by 64-bit PV guests on x86 systems.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Reachable Assertion
EUVDB-ID: #VU81895
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34323
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling negative quota values in C Xenstored. A malicious guest can craft a transaction that forces C Xenstored to check quota value and perform a denial of service attack.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Deadlock
EUVDB-ID: #VU81900
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34324
CWE-ID:
CWE-833 - Deadlock
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Stack-based buffer overflow
EUVDB-ID: #VU81886
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34325
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote guest to escalate privileges on the system.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) State Issues
EUVDB-ID: #VU81901
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34327
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of guest state when using Debug Masks in HVM vCPU. A malicious guest can perform a denial of service (DoS) attack against the guest OS.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) State Issues
EUVDB-ID: #VU81903
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34328
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of guest state in PV vCPU. A malicious guest place a breakpoint over the live GDT and perform a denial of service (DoS) attack against the host.Mitigation
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU83162
Risk: Medium
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46835
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote guest to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions caused by a mismatch in IOMMU quarantine page table levels. A device in quarantine mode can access data from previous quarantine page table usages, possibly leaking data used by previous domains that also had the device assigned.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Security features bypass
EUVDB-ID: #VU83163
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46836
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote guest to bypass implemented security restrictions.
The vulnerability exists due to improper implementation of mitigations against BTC/SRSO. A malicious guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen, which can result in memory access to other guests.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource management error
EUVDB-ID: #VU84103
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46837
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources on arm32 processors caused by improper invalidation of cache. A malicious guest can read sensitive data from memory of another guest.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU85929
Risk: Low
CVSSv3.1: 2.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46839
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to gain access to sensitive information.
The vulnerability exists due to an error in phantom functions implementation for PCI devices. Under certain circumstances a malicious guest assigned a PCI device with phantom functions may be able to access memory from a previous owner of the device.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU85928
Risk: Medium
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46840
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to bypass implemented security restrictions.
The vulnerability exists due to incorrect placement of a preprocessor directive in source code, which results in a logic error when support for HVM guests is compiled out of Xen and CONFIG_HVM is disabled at Xen's build time. When a device is removed from a domain, it is not properly quarantined and retains its access to the domain to which it was previously assigned. An attacker with control over a malicious guest can retain access to the domain after it has been removed from it.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Resource management error
EUVDB-ID: #VU86860
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46841
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote guest to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect implementation of the Shadow Stacks (CET-SS) feature. An unprivileged guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU88228
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46842
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of register values when invoking a hypercall. A malicious HVM or PVH guest can pass specially crafted input to the hypervisor and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Race condition
EUVDB-ID: #VU87374
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-2193
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a speculative race condition. A local user can exploit the race and gain unauthorized access to contents of arbitrary host memory, including memory assigned to other guests.
The vulnerability was dubbed GhostRace.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Type confusion
EUVDB-ID: #VU88372
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31142
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to a logical error caused by a branch type confusion when implementing fixes for the following vulnerabilities:
#VU65219 (CVE-2022-23816)
#VU65204 (CVE-2022-23825)
#VU65205 (CVE-2022-29900)
#VU79263 (CVE-2023-20569)
A malicious guest can gain access to sensitive information and escalate privileges on the system.
Update the affected packages.
app-emulation/xen to version: 4.17.4
Gentoo Linux: All versions
app-emulation/xen: before 4.17.4
CPE2.3 External linkshttp://security.gentoo.org/glsa/202409-10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
