Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-34320
CVE-2023-34320:
Linux Debian vulnerability analysis and mitigation
Overview
CVE-2023-34320 affects Cortex-A77 cores (r0p0 and r1p0) due to erratum 1508412, where software could experience a core deadlock under specific circumstances involving either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity (XEN Advisory).
Technical details
The vulnerability has a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue is classified as CWE-667 (Improper Locking) and affects specific versions of ARM Cortex-A77 firmware (r0p0 and r1p0) (NVD).
Impact
A malicious guest that doesn't include the workaround for erratum 1508412 could trigger a deadlock on the core, which will ultimately result in a system-wide deadlock (XEN Advisory).
Mitigation and workarounds
To properly handle the erratum, it requires an updated firmware and both the hypervisor and guest OSes must have the workaround implemented. However, it is not possible to security support Xen on the Cortex-A77, even on systems with the workaround enabled. The only option is to run Xen with trusted guests only (XEN Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management