{"id":"CVE-2023-34328","details":"\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n    a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n    This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n    up the CPU entirely.\n","modified":"2026-03-14T12:07:22.695384Z","published":"2024-01-05T17:15:08.730Z","related":["SUSE-SU-2023:4054-1","SUSE-SU-2023:4055-1","SUSE-SU-2023:4174-1","SUSE-SU-2023:4183-1","SUSE-SU-2023:4184-1","SUSE-SU-2023:4185-1","SUSE-SU-2023:4475-1","SUSE-SU-2023:4476-1"],"references":[{"type":"ADVISORY","url":"http://xenbits.xen.org/xsa/advisory-444.html"},{"type":"FIX","url":"https://xenbits.xenproject.org/xsa/advisory-444.html"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.5.0"},{"fixed":"4.14.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34328.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}