CVE-2023-34326 : The caching invalidation guidelines from the AMD-Vi specification (48882

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.

Published 2024-01-05 17:15:09

Updated 2024-01-11 15:57:04

Source Xen Project

View at NVD, CVE.org

Products affected by CVE-2023-34326

XEN » XEN
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-34326

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-34326

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-01-11
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2023-34326

https://xenbits.xenproject.org/xsa/advisory-442.html

XSA-442 - Xen Security Advisories
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-34326

Products affected by CVE-2023-34326

Exploit prediction scoring system (EPSS) score for CVE-2023-34326

CVSS scores for CVE-2023-34326

References for CVE-2023-34326