PT-2023-30240 · Xen+1 · Xen+1

Michal Orzel · Published 2023-12-12 · Updated 2024-02-15 · CVE-2023-46837

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Xen (affected versions not specified)

Description

The issue arises from arithmetic overflowing in the cache cleaning and invalidation helpers, which can result in the cache cleaning/invalidation being skipped. This means there is no guarantee that all writes will reach memory. The problem is related to allocating guest memory and ensuring writes have reached memory before handing over the page to a guest. A malicious guest may be able to read sensitive data from memory that previously belonged to another guest. Only Arm 32-bit systems are vulnerable.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow


Weakness Enumeration

Related identifiers

CVE-2023-46837

Affected products

Debian
Xen