CVE-2023-46836XEN vulnerability

5 documents4 sources
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 94.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENDebian XEN
Timeline
PublishedJan 5

Description

The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, t

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

debiandebian/xen< xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 (bookworm)
Alpinexen/xen< 4.15.5-r3+8
Debianxen/xen< 4.17.2+76-ge1f9cb16e2-1~deb12u1+2

Patches

Patch: xenbits.xenproject.orgPatch: xenbits.xenproject.org

🔴Vulnerability Details

3
GHSA
GHSA-4rmw-8gh7-w6g3: The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe2024-01-05
OSV
CVE-2023-46836: The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe2024-01-05
OSV
CVE-2023-46836: The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe2024-01-05

📋Vendor Advisories

1
Debian
CVE-2023-46836: xen - The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return St...2023