Linux 内核事件处理中可能出现死锁 (CVE-2023-34324)

admin

0
文章

0
评论

2024-01-06 14:33:04 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

Linux 内核事件处理中可能出现死锁 (CVE-2023-34324)

CVE编号

CVE-2023-34324

利用情况

暂无

补丁情况

N/A

披露时间

2024-01-06

漏洞描述

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock).

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://xenbits.xenproject.org/xsa/advisory-441.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	amazon_2	kernel	*		Up to (excluding) 5.4.258-171.360.amzn2
	运行在以下环境
	系统	amazon_2023	kernel	*		Up to (excluding) 6.1.59-84.139.amzn2023
	运行在以下环境
	系统	amazon_AMI	kernel	*		Up to (excluding) 4.14.328-174.540.amzn1
	运行在以下环境
	系统	debian_11	linux	*		Up to (excluding) 5.10.205-2
	运行在以下环境
	系统	debian_12	linux	*		Up to (excluding) 6.1.64-1
	运行在以下环境
	系统	opensuse_5.3	kernel	*		Up to (excluding) 5.14.21-150400.15.59.1
	运行在以下环境
	系统	opensuse_5.4	kernel	*		Up to (excluding) 5.14.21-150400.15.59.1
	运行在以下环境
	系统	opensuse_Leap_15.4	dtb-al	*		Up to (excluding) 5.3.18-150300.59.141.1
	运行在以下环境
	系统	opensuse_Leap_15.5	kernel	*		Up to (excluding) 4.12.14-150100.197.160.1
	运行在以下环境
	系统	suse_12_SP5	kernel	*		Up to (excluding) 4.12.14-16.155.1