CVE-2023-46842Type Confusion in Fedora

CWE-843Type Confusion6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
2.1%
top 15.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENFedoraproject Fedora
Timeline
PublishedMay 16

Description

Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running i

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

Alpinexen/xen< 4.16.6-r0+7
Debianxen/xen< 4.17.5+23-ga4e5191dc0-1+2
NVDxen/xen

Also affects: Fedora 38, 40

Patches

Patch: xenbits.xenproject.orgPatch: xenbits.xen.orgPatch: xenbits.xenproject.org

🔴Vulnerability Details

4
GHSA
GHSA-hcr5-hp8w-36q9: Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes2024-05-16
OSV
CVE-2023-46842: Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes2024-05-16
OSV
CVE-2023-46842: Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes2024-05-16
CVEList
x86 HVM hypercalls may trigger Xen bug check2024-05-16

📋Vendor Advisories

1
Debian
CVE-2023-46842: xen - Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other m...2023
CVE-2023-46842 — Type Confusion in Fedoraproject Fedora | cvebase