PT-2023-30240 · Xen+1
Michal Orzel
Published: 2023-12-12 · Updated: 2024-02-15
CVE-2023-46837
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Xen (affected versions not specified)
Description
The issue arises from an arithmetic overflow in the cache cleaning and invalidation helpers, which can result in the cache cleaning/invalidation being skipped. This means there is no guarantee that all writes will reach memory. The problem is related to allocating guest memory and ensuring writes have reached memory before handing over the page to a guest. A malicious guest may be able to read sensitive data from memory that previously belonged to another guest. Only Arm 32-bit systems are vulnerable.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Xen