xenstored: A transaction conflict can crash C Xenstored
CVE-2023-34323

5.5 MEDIUM

Key Information:

CVE Published: 5 January 2024

What is CVE-2023-34323?

The vulnerability in C Xenstored arises at transaction commit, where the quota check is validated incorrectly. If a node is removed outside of the transaction, the accounting can end up reflecting a negative value. This case is guarded by an assertion, on the assumption that quotas cannot be negative. In certain versions of C Xenstored that assumption does not hold, potentially leading to a crash. The issue is exacerbated when the tools are compiled without the -DNDEBUG flag, which is commonly the default, because the assertion is then compiled in and active. Proper handling of quota assertions is critical to the reliability and performance of C Xenstored.
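The failure mode described above, as an added example that is not taken from the Xenstored source: an asserted quota invariant next to a form that checks it at run time. The struct, function names, the use of EAGAIN and the scenario values are all assumptions made for illustration.

```c
#include <assert.h>
#include <errno.h>
#include <stdio.h>

/* Simplified, hypothetical model of per-domain quota accounting.
 * None of these names come from the Xenstored source. */
struct domain_acc {
    int nodes;              /* nodes currently charged to the domain */
};

/* Pattern the description warns about: the "cannot be negative" assumption
 * is only asserted. Without -DNDEBUG a violation aborts the process;
 * with -DNDEBUG the negative count is stored silently. */
int commit_asserting(struct domain_acc *d, int delta)
{
    int result = d->nodes + delta;
    assert(result >= 0);
    d->nodes = result;
    return 0;
}

/* Hardened form: an impossible total is reported to the caller as a
 * conflict (EAGAIN chosen here as an assumption) and state is untouched. */
int commit_checked(struct domain_acc *d, int delta)
{
    int result = d->nodes + delta;
    if (result < 0)
        return EAGAIN;
    d->nodes = result;
    return 0;
}

int main(void)
{
    /* Constructed scenario: the transaction recorded a change of -2 nodes
     * while the domain held 2; one node was then removed outside the
     * transaction, so the live count is 1 when the commit is applied. */
    struct domain_acc d = { .nodes = 1 };
    int rc = commit_checked(&d, -2);
    printf("checked commit: rc=%d nodes=%d\n", rc, d.nodes);
    return rc == EAGAIN && d.nodes == 1 ? 0 : 1;
}
```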

Affected Version(s)

Xen: consult Xen advisory XSA-440

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Stanislav Uschakow and Julien Grall, both from Amazon.