CVE-2023-34324

Possible deadlock in Linux kernel event handling

Published: 1/5/2024 Last updated: 6/5/2025 Reserved: 6/1/2023

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock).

CNA assigner: XEN (23aa2041-22e1-471f-9209-9b7396fa234f) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.9	Medium	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
Linux	Linux	QCS610

References (6)

Credits (1)

1 This issue was discovered as a bug by Marek Marczykowski-Górecki of Invisible Things Lab; the security impact was recognised by Jürgen Groß of SUSE.