CVE-2023-34323

05.01.2024, 17:15

When a transaction is committed, C Xenstored will first check
the quota is correct before attempting to commit any nodes.  It would
be possible that accounting is temporarily negative if a node has
been removed outside of the transaction.

Unfortunately, some versions of C Xenstored are assuming that the
quota cannot be negative and are using assert() to confirm it.  This
will lead to C Xenstored crash when tools are built without -DNDEBUG
(this is the default).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
XEN	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Vendor	Product	Version
xen	xen	𝑥 < 4.17.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xen

bullseye	unimportant
bullseye (security)	unimportant
bookworm	4.17.3+10-g091466ba55-1~deb12u1 fixed
bookworm (security)	4.17.5+23-ga4e5191dc0-1 fixed
trixie	4.17.3+36-g54dacb5c02-1 fixed
sid	4.19.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

xen

oracular	needs-triage
noble	needs-triage
mantic	ignored
lunar	ignored
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	ignored

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://xenbits.xenproject.org/xsa/advisory-440.html