PT-2024-12471 · Amd+2 · Amd-Vi+2

Roger Pau

Published

2023-10-12

Updated

2024-06-15

CVE-2023-34326

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AMD-Vi (affected versions not specified)

Description The caching invalidation guidelines from the AMD-Vi specification are incorrect on some hardware, leading to devices malfunctioning if some fields of the DTE are updated but the IOMMU TLB is not flushed. This can cause stale DMA mappings, allowing access to unintended memory regions not owned by the guest.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-672

Related Identifiers

CVE-2023-34326

OPENSUSE-SU-2023_4054-1

OPENSUSE-SU-2023_4055-1

OPENSUSE-SU-2023_4174-1

OPENSUSE-SU-2023_4475-1

OPENSUSE-SU-2023_4476-1

OPENSUSE-SU-2024:13442-1

SUSE-SU-2023:4054-1

SUSE-SU-2023:4055-1

SUSE-SU-2023:4174-1

SUSE-SU-2023:4183-1

SUSE-SU-2023:4184-1

SUSE-SU-2023:4185-1

SUSE-SU-2023:4475-1

SUSE-SU-2023:4476-1

Affected Products

Amd-Vi

Debian

Suse

PT-2024-12471 · Amd+2 · Amd-Vi+2

CVE-2023-34326

Weakness Enumeration

Related Identifiers

Affected Products

References · 47