Xen Security Advisory: CTX575089Security Focus CVE-2023-34324  – Possible deadlock in Linux kernel event handling. Arm32 guests are NOT affected (11th Oct 2023)

Preface: Xen is an open-source hypervisor that allows the simultaneous development, execution, and management of multiple virtual machines on one physical computer. Xen offers two types of virtualization: paravirtualization and full virtualization.

Background: The Xen Project hypervisor is an open-source type-1 or bare-metal hypervisor. It allows many instances of an operating system or different operating systems to run in parallel on a single machine (or host). Xen hypervisor is used as the basis for many different commercial and open-source applications, such as: server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded, and hardware appliances.

Citrix Hypervisor is based on the Xen Project hypervisor, with extra features and supports provided by Citrix. Citrix Hypervisor 8.2 uses version 4.13.4 of the Xen hypervisor.

Vulnerability details: Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest.

Official announcement: Please refer to the link for details –

https://support.citrix.com/article/CTX575089/citrix-hypervisor-multiple-security-updates

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.