CVE-2023-46837
Vulnerability from cvelistv5
Published
2024-01-05 16:36
Modified
2024-08-02 20:53
Severity ?
Summary
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:53:21.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://xenbits.xenproject.org/xsa/advisory-447.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Xen",
          "vendor": "Xen",
          "versions": [
            {
              "status": "unknown",
              "version": "consult Xen advisory XSA-447"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "Systems running all version of Xen are affected.\n\nOnly systems running Xen on Arm 32-bit are vulnerable.  Xen on Arm 64-bit\nis not affected.\n"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This issue was discovered by Michal Orzel from AMD.\n"
        }
      ],
      "datePublic": "2023-12-12T12:00:00Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Arm provides multiple helpers to clean \u0026 invalidate the cache\nfor a given region.  This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation.  Therefore there\nis no guarantee when all the writes will reach the memory.\n\nThis undefined behavior was meant to be addressed by XSA-437, but the\napproach was not sufficient.\n"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious guest may be able to read sensitive data from memory that\npreviously belonged to another guest.\n"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T16:36:10.881Z",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "url": "https://xenbits.xenproject.org/xsa/advisory-447.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/"
        }
      ],
      "title": "arm32: The cache may not be properly cleaned/invalidated (take two)",
      "workarounds": [
        {
          "lang": "en",
          "value": "There is no known mitigation.\n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2023-46837",
    "datePublished": "2024-01-05T16:36:10.881Z",
    "dateReserved": "2023-10-27T07:55:35.332Z",
    "dateUpdated": "2024-08-02T20:53:21.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-46837\",\"sourceIdentifier\":\"security@xen.org\",\"published\":\"2024-01-05T17:15:11.247\",\"lastModified\":\"2024-11-21T08:29:23.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Arm provides multiple helpers to clean \u0026 invalidate the cache\\nfor a given region.  This is, for instance, used when allocating\\nguest memory to ensure any writes (such as the ones during scrubbing)\\nhave reached memory before handing over the page to a guest.\\n\\nUnfortunately, the arithmetics in the helpers can overflow and would\\nthen result to skip the cache cleaning/invalidation.  Therefore there\\nis no guarantee when all the writes will reach the memory.\\n\\nThis undefined behavior was meant to be addressed by XSA-437, but the\\napproach was not sufficient.\\n\"},{\"lang\":\"es\",\"value\":\"Arm proporciona m\u00faltiples ayudas para limpiar e invalidar el cach\u00e9 de una regi\u00f3n determinada. Esto se utiliza, por ejemplo, al asignar memoria de invitado para garantizar que cualquier escritura (como las que se realizan durante la limpieza) haya alcanzado la memoria antes de entregar la p\u00e1gina a un invitado. Desafortunadamente, la aritm\u00e9tica en los asistentes puede desbordarse y entonces se omitir\u00eda la limpieza/invalidaci\u00f3n de la cach\u00e9. Por lo tanto, no hay garant\u00eda de cu\u00e1ndo todas las escrituras llegar\u00e1n a la memoria. Este comportamiento indefinido deb\u00eda ser abordado por XSA-437, pero el enfoque no fue suficiente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"versionEndIncluding\":\"4.16\",\"matchCriteriaId\":\"9E211AB0-41AD-40D0-AF03-D285F42C6163\"}]}]}],\"references\":[{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/\",\"source\":\"security@xen.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/\",\"source\":\"security@xen.org\"},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-447.html\",\"source\":\"security@xen.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-447.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.