CVE-2023-46836

Name of the Vulnerable Software and Affected Versions Xen (affected versions not specified)

Description The issue is related to the fixes for Branch Type Confusion and Speculative Return Stack Overflow not being IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original fix for Meltdown deliberately left interrupts enabled on two entry paths. As a result, there is a race condition whereby a malicious PV guest can bypass protections and launch an attack against Xen. This can allow an attacker to infer the contents of memory belonging to other guests. Xen is only vulnerable in default configurations on AMD and Hygon CPUs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.