CVE-2023-46835: Out-of-bounds Write in XEN

Severity
5.5 MEDIUM (NVD)
EPSS
0.1%
top 75.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jan 5

Description

The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quara

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/xen < xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 (bookworm)
Alpine: xen/xen < 4.15.5-r3+8
Debian: xen/xen < 4.17.2+76-ge1f9cb16e2-1~deb12u1+2

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-c2mm-wq7p-rpm8: The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMA (2024-01-05)
OSV: CVE-2023-46835: The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMA (2024-01-05)
OSV: CVE-2023-46835: The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMA (2024-01-05)

📋 Vendor Advisories (1)

Debian: CVE-2023-46835: xen - The current setup of the quarantine page tables assumes that the quarantine doma... (2023)

🕵️ Threat Intelligence (1)

Bleepingcomputer: Citrix Hypervisor gets hotfix for new Reptar Intel CPU flaw (2023-11-15)