PT-2023-7433 · Xen+2 · Xen+2

Andrew Cooper

·

Published

2023-11-14

·

Updated

2024-06-15

·

CVE-2023-46836

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Xen (affected versions not specified)
Description The issue is related to the fixes for Branch Type Confusion and Speculative Return Stack Overflow not being IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original fix for Meltdown deliberately left interrupts enabled on two entry paths. As a result, there is a race condition whereby a malicious PV guest can bypass protections and launch an attack against Xen. This can allow an attacker to infer the contents of memory belonging to other guests. Xen is only vulnerable in default configurations on AMD and Hygon CPUs.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2023-08472
CVE-2023-46836
OPENSUSE-SU-2023_4466-1
OPENSUSE-SU-2023_4475-1
OPENSUSE-SU-2023_4476-1
OPENSUSE-SU-2024:13442-1
SUSE-SU-2023:4466-1
SUSE-SU-2023:4475-1
SUSE-SU-2023:4476-1
SUSE-SU-2023:4484-1
SUSE-SU-2023:4485-1
SUSE-SU-2023:4486-1
SUSE-SU-2023:4945-1

Affected Products

Debian
Suse
Xen