CVE-2023-46839 Fedora vulnerability

7 documents, 6 sources
Severity
5.3 MEDIUM (NVD)
EPSS
0.3%
top 51.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 20

Description

PCI devices can make use of a functionality called phantom functions which, when enabled, allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to set up the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

Alpine xen/xen < 4.16.5-r6 +7
Debian xen/xen < 4.17.3+10-g091466ba55-1~deb12u1 +2

Also affects: Fedora 39

Patches

🔴 Vulnerability Details (4)

OSV: CVE-2023-46839: PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functi (2024-03-20)
CVEList: pci: phantom functions assigned to incorrect contexts (2024-03-20)
GHSA: GHSA-8f65-fxmq-vvpx: PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functi (2024-03-20)
OSV: CVE-2023-46839: PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functi (2024-03-20)

📋 Vendor Advisories (2)

Red Hat: xen: phantom functions assigned to incorrect contexts (2024-03-20)
Debian: CVE-2023-46839: xen - PCI devices can make use of a functionality called phantom functions, that when ... (2023)
CVE-2023-46839 — Fedoraproject Fedora vulnerability | cvebase