CVE-2023-34320

MEDIUM

ARM Cortex-a77 Firmware - Improper Locking

Title source: rule

Description

Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity.

References (2)

[Third Party Advisory] https://xenbits.xenproject.org/xsa/advisory-436.html

[Various Sources] http://xenbits.xen.org/xsa/advisory-436.html

Scores

CVSS v3 5.5

EPSS 0.0010

EPSS Percentile 28.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-667

Status published

Affected Products (3)

arm/cortex-a77_firmware

xen/xen

Timeline

Published Dec 08, 2023

Tracked Since Feb 18, 2026