{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Xen ist ein Virtueller-Maschinen-Monitor (VMM), der Hardware (x86, IA-64, PowerPC) für die darauf laufenden Systeme (Domains) paravirtualisiert.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein lokaler Angreifer kann eine Schwachstelle in Xen ausnutzen, um seine Privilegien zu erhöhen, einen Denial of Service zu verursachen oder Informationen offenzulegen.", "title" : "Angriff" }, { "category" : "general", "text" : "- UNIX\n- Linux", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2023-2399 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2399.json" }, { "category" : "self", "summary" : "WID-SEC-2023-2399 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2399" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2023:4476-1 vom 2023-11-17", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017058.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2023:4475-1 vom 2023-11-17", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017059.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2023:3894-1 vom 2023-09-29", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016464.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2023:3903-1 vom 2023-09-29", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016465.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2023:3902-1 vom 2023-09-29", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016466.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2023:3895-1 vom 2023-09-29", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016463.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2023:3832-1 vom 2023-09-27", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016360.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2023:3831-1 vom 2023-09-27", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016361.html" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2023-35D2AD2328 vom 2023-09-26", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-35d2ad2328" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2023-948136565A vom 2023-09-26", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-948136565a" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2023-4125279976 vom 2023-09-26", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-4125279976" }, { "category" : "external", "summary" : "Xen Security Advisory vom 2023-09-19", "url" : "https://xenbits.xen.org/xsa/advisory-438.html" } ], "source_lang" : "en-US", "title" : "Xen: Schwachstelle ermöglicht Privilegieneskalation, DoS und Offenlegung von Informationen", "tracking" : { "current_release_date" : "2023-11-16T23:00:00.000+00:00", "generator" : { "date" : "2024-08-15T17:58:38.725+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.3.5" } }, "id" : "WID-SEC-W-2023-2399", "initial_release_date" : "2023-09-19T22:00:00.000+00:00", "revision_history" : [ { "date" : "2023-09-19T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2023-09-26T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von Fedora aufgenommen" }, { "date" : "2023-09-27T22:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2023-10-01T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2023-11-16T23:00:00.000+00:00", "number" : "5", "summary" : "Neue Updates von SUSE aufgenommen" } ], "status" : "final", "version" : "5" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Fedora Linux", "product" : { "name" : "Fedora Linux", "product_id" : "74185", "product_identification_helper" : { "cpe" : "cpe:/o:fedoraproject:fedora:-" } } } ], "category" : "vendor", "name" : "Fedora" }, { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Open Source Xen < 438-4.15.patch", "product" : { "name" : "Open Source Xen < 438-4.15.patch", "product_id" : "T029991", "product_identification_helper" : { "cpe" : "cpe:/o:xen:xen:438-4.15.patch" } } }, { "category" : "product_name", "name" : "Open Source Xen < 438-4.16.patch", "product" : { "name" : "Open Source Xen < 438-4.16.patch", "product_id" : "T029992", "product_identification_helper" : { "cpe" : "cpe:/o:xen:xen:438-4.16.patch" } } }, { "category" : "product_name", "name" : "Open Source Xen < 438-4.17.patch", "product" : { "name" : "Open Source Xen < 438-4.17.patch", "product_id" : "T029993", "product_identification_helper" : { "cpe" : "cpe:/o:xen:xen:438-4.17.patch" } } }, { "category" : "product_name", "name" : "Open Source Xen < 438.patch", "product" : { "name" : "Open Source Xen < 438.patch", "product_id" : "T029994", "product_identification_helper" : { "cpe" : "cpe:/o:xen:xen:438.patch" } } } ], "category" : "product_name", "name" : "Xen" } ], "category" : "vendor", "name" : "Open Source" }, { "branches" : [ { "category" : "product_name", "name" : "SUSE Linux", "product" : { "name" : "SUSE Linux", "product_id" : "T002207", "product_identification_helper" : { "cpe" : "cpe:/o:suse:suse_linux:-" } } } ], "category" : "vendor", "name" : "SUSE" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2023-34322", "notes" : [ { "category" : "description", "text" : "Es existiert eine Schwachstelle in Xen. Wenn PV-Gäste im Shadow-Paging-Modus ausgeführt werden, kommt es unter bestimmten Umständen zu einer unsachgemäßen Behandlung der \"shadow root page table\". Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um potentiell seine Rechte zu erweitern, einen Denial of Service zu verursachen oder Informationen offenzulegen." } ], "product_status" : { "known_affected" : [ "T002207", "74185" ] }, "release_date" : "2023-09-19T22:00:00.000+00:00", "title" : "CVE-2023-34322" } ] }