cve-2023-34326
Vulnerability from cvelistv5
Published
2024-01-05 16:30
Modified
2024-08-02 16:10
Severity ?
Summary
x86/AMD: missing IOMMU TLB flushing
Impacted products
XenXen
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:10:06.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://xenbits.xenproject.org/xsa/advisory-442.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Xen",
          "vendor": "Xen",
          "versions": [
            {
              "status": "unknown",
              "version": "consult Xen advisory XSA-442"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 AMD systems with IOMMU hardware are vulnerable.\n\nOnly x86 guests which have physical devices passed through to them can\nleverage the vulnerability.\n"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This issue was discovered by Roger Pau Monn\u00e9 of XenServer.\n"
        }
      ],
      "datePublic": "2023-10-10T11:26:00Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The caching invalidation guidelines from the AMD-Vi specification (48882\u2014Rev\n3.07-PUB\u2014Oct 2022) is incorrect on some hardware, as devices will malfunction\n(see stale DMA mappings) if some fields of the DTE are updated but the IOMMU\nTLB is not flushed.\n\nSuch stale DMA mappings can point to memory ranges not owned by the guest, thus\nallowing access to unindented memory regions.\n"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege escalation, Denial of Service (DoS) affecting the entire host,\nand information leaks.\n"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T16:30:57.225Z",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "url": "https://xenbits.xenproject.org/xsa/advisory-442.html"
        }
      ],
      "title": "x86/AMD: missing IOMMU TLB flushing",
      "workarounds": [
        {
          "lang": "en",
          "value": "Not passing through physical devices to guests will avoid the vulnerability.\n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2023-34326",
    "datePublished": "2024-01-05T16:30:57.225Z",
    "dateReserved": "2023-06-01T10:44:17.065Z",
    "dateUpdated": "2024-08-02T16:10:06.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-34326\",\"sourceIdentifier\":\"security@xen.org\",\"published\":\"2024-01-05T17:15:08.637\",\"lastModified\":\"2024-01-11T15:57:03.720\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The caching invalidation guidelines from the AMD-Vi specification (48882\u2014Rev\\n3.07-PUB\u2014Oct 2022) is incorrect on some hardware, as devices will malfunction\\n(see stale DMA mappings) if some fields of the DTE are updated but the IOMMU\\nTLB is not flushed.\\n\\nSuch stale DMA mappings can point to memory ranges not owned by the guest, thus\\nallowing access to unindented memory regions.\\n\"},{\"lang\":\"es\",\"value\":\"Las pautas de invalidaci\u00f3n de almacenamiento en cach\u00e9 de la especificaci\u00f3n AMD-Vi (48882\u2014Rev 3.07-PUB\u2014octubre de 2022) son incorrectas en algunos hardware, ya que los dispositivos funcionar\u00e1n mal (consulte las asignaciones de DMA obsoletas) si algunos campos del DTE se actualizan pero el IOMMU TLB no est\u00e1 eliminado. Estas asignaciones de DMA obsoletas pueden apuntar a rangos de memoria que no pertenecen al hu\u00e9sped, lo que permite el acceso a regiones de memoria sin sangr\u00eda.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F\"}]}]}],\"references\":[{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-442.html\",\"source\":\"security@xen.org\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.