cvelistv5 - cve-2023-46837

URL	Tags
security@xen.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/
security@xen.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/
security@xen.org	https://xenbits.xenproject.org/xsa/advisory-447.html	Patch, Vendor Advisory

▼	Vendor	Product
	Xen	Xen

ghsa-v75r-qqcp-59c7

Vulnerability from github

Published

2024-01-05 18:30

Modified

2024-02-15 03:30

Severity ?

3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest.

Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory.

This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-46837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-05T17:15:11Z",
    "severity": "LOW"
  },
  "details": "Arm provides multiple helpers to clean \u0026 invalidate the cache\nfor a given region.  This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation.  Therefore there\nis no guarantee when all the writes will reach the memory.\n\nThis undefined behavior was meant to be addressed by XSA-437, but the\napproach was not sufficient.\n",
  "id": "GHSA-v75r-qqcp-59c7",
  "modified": "2024-02-15T03:30:19Z",
  "published": "2024-01-05T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46837"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-447.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2023-46837

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.

Aliases

CVE-2023-46837

Aliases

CVE-2023-46837

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-46837",
    "id": "GSD-2023-46837"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-46837"
      ],
      "details": "Arm provides multiple helpers to clean \u0026 invalidate the cache\nfor a given region.  This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation.  Therefore there\nis no guarantee when all the writes will reach the memory.\n\nThis undefined behavior was meant to be addressed by XSA-437, but the\napproach was not sufficient.\n",
      "id": "GSD-2023-46837",
      "modified": "2023-12-13T01:20:52.823909Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@xen.org",
        "ID": "CVE-2023-46837",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Xen",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unknown",
                            "versions": [
                              {
                                "status": "unknown",
                                "version": "consult Xen advisory XSA-447"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Xen"
            }
          ]
        }
      },
      "configuration": [
        {
          "lang": "en",
          "value": "Systems running all version of Xen are affected.\n\nOnly systems running Xen on Arm 32-bit are vulnerable.  Xen on Arm 64-bit\nis not affected.\n"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Michal Orzel from AMD.\n"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Arm provides multiple helpers to clean \u0026 invalidate the cache\nfor a given region.  This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation.  Therefore there\nis no guarantee when all the writes will reach the memory.\n\nThis undefined behavior was meant to be addressed by XSA-437, but the\napproach was not sufficient.\n"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://xenbits.xenproject.org/xsa/advisory-447.html",
            "refsource": "MISC",
            "url": "https://xenbits.xenproject.org/xsa/advisory-447.html"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/"
          }
        ]
      },
      "work_around": [
        {
          "lang": "en",
          "value": "There is no known mitigation.\n"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
                    "matchCriteriaId": "9E211AB0-41AD-40D0-AF03-D285F42C6163",
                    "versionEndIncluding": "4.16",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Arm provides multiple helpers to clean \u0026 invalidate the cache\nfor a given region.  This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation.  Therefore there\nis no guarantee when all the writes will reach the memory.\n\nThis undefined behavior was meant to be addressed by XSA-437, but the\napproach was not sufficient.\n"
          },
          {
            "lang": "es",
            "value": "Arm proporciona m\u00faltiples ayudas para limpiar e invalidar el cach\u00e9 de una regi\u00f3n determinada. Esto se utiliza, por ejemplo, al asignar memoria de invitado para garantizar que cualquier escritura (como las que se realizan durante la limpieza) haya alcanzado la memoria antes de entregar la p\u00e1gina a un invitado. Desafortunadamente, la aritm\u00e9tica en los asistentes puede desbordarse y entonces se omitir\u00eda la limpieza/invalidaci\u00f3n de la cach\u00e9. Por lo tanto, no hay garant\u00eda de cu\u00e1ndo todas las escrituras llegar\u00e1n a la memoria. Este comportamiento indefinido deb\u00eda ser abordado por XSA-437, pero el enfoque no fue suficiente."
          }
        ],
        "id": "CVE-2023-46837",
        "lastModified": "2024-02-15T03:15:34.683",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 1.4,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2024-01-05T17:15:11.247",
        "references": [
          {
            "source": "security@xen.org",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/"
          },
          {
            "source": "security@xen.org",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/"
          },
          {
            "source": "security@xen.org",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://xenbits.xenproject.org/xsa/advisory-447.html"
          }
        ],
        "sourceIdentifier": "security@xen.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-119"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

wid-sec-w-2023-3133

Vulnerability from csaf_certbund

Published

2023-12-12 23:00

Modified

2023-12-12 23:00

Summary

Xen: Schwachstelle ermöglicht Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Xen ist ein Virtueller-Maschinen-Monitor (VMM), der Hardware (x86, IA-64, PowerPC) für die darauf laufenden Systeme (Domains) paravirtualisiert.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Xen ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Xen ist ein Virtueller-Maschinen-Monitor (VMM), der Hardware (x86, IA-64, PowerPC) f\u00fcr die darauf laufenden Systeme (Domains) paravirtualisiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Xen ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3133 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3133.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3133 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3133"
      },
      {
        "category": "external",
        "summary": "Xen Security Advisory 447 v2 vom 2023-12-12",
        "url": "http://xenbits.xen.org/xsa/advisory-447.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Xen: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2023-12-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:54:07.424+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-3133",
      "initial_release_date": "2023-12-12T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-12T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source Xen 4.16.x",
                "product": {
                  "name": "Open Source Xen 4.16.x",
                  "product_id": "T022294",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:xen:xen:4.16.x"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Xen 4.17.x",
                "product": {
                  "name": "Open Source Xen 4.17.x",
                  "product_id": "T031107",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:xen:xen:4.17.x"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Xen 4.15.x",
                "product": {
                  "name": "Open Source Xen 4.15.x",
                  "product_id": "T031109",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:xen:xen:4.15.x"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Xen"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46837",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Xen wenn es auf arm32 Architekturen ausgef\u00fchrt wird. Unter bestimmten Umst\u00e4nden wird ein Cache nicht ordnungsgem\u00e4\u00df bereinigt. Dadurch k\u00f6nnen Daten aus dem Speicher gelesen werden, die zuvor einem anderen Gastsystem geh\u00f6rten. Ein Angreifer aus einem Gastsystem kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031107",
          "T031109",
          "T022294"
        ]
      },
      "release_date": "2023-12-12T23:00:00Z",
      "title": "CVE-2023-46837"
    }
  ]
}

cve-2023-46837

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2023-46837

Vulnerability from cvelistv5

ghsa-v75r-qqcp-59c7

Vulnerability from github

gsd-2023-46837

Vulnerability from gsd

wid-sec-w-2023-3133

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature