CVE-2023-46840Always-Incorrect Control Flow Implementation in Fedora

CWE-670Always-Incorrect Control Flow Implementation6 documents5 sources
Severity
4.1MEDIUMNVD
EPSS
0.1%
top 77.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENFedoraproject Fedora
Timeline
PublishedMar 20

Description

Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages3 packages

Alpinexen/xen< 0+7
Debianxen/xen< 4.17.3+10-g091466ba55-1~deb12u1+2
NVDxen/xen

Also affects: Fedora 39

Patches

Patch: xenbits.xenproject.orgPatch: xenbits.xen.orgPatch: xenbits.xenproject.org

🔴Vulnerability Details

4
OSV
CVE-2023-46840: Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compil2024-03-20
CVEList
VT-d: Failure to quarantine devices in !HVM builds2024-03-20
GHSA
GHSA-858p-q38q-g87r: Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compil2024-03-20
OSV
CVE-2023-46840: Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compil2024-03-20

📋Vendor Advisories

1
Debian
CVE-2023-46840: xen - Incorrect placement of a preprocessor directive in source code results in logic ...2023
CVE-2023-46840 — Fedoraproject Fedora vulnerability | cvebase