{"vulnerability": "CVE-2023-46835", "sightings": [{"uuid": "2da3c67a-29de-4d34-b750-604ea6a7c0fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46835", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18618", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-46835\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The current setup of the quarantine page tables assumes that the\nquarantine domain (dom_io) has been initialized with an address width\nof DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels.\n\nHowever dom_io being a PV domain gets the AMD-Vi IOMMU page tables\nlevels based on the maximum (hot pluggable) RAM address, and hence on\nsystems with no RAM above the 512GB mark only 3 page-table levels are\nconfigured in the IOMMU.\n\nOn systems without RAM above the 512GB boundary\namd_iommu_quarantine_init() will setup page tables for the scratch\npage with 4 levels, while the IOMMU will be configured to use 3 levels\nonly, resulting in the last page table directory (PDE) effectively\nbecoming a page table entry (PTE), and hence a device in quarantine\nmode gaining write access to the page destined to be a PDE.\n\nDue to this page table level mismatch, the sink page the device gets\nread/write access to is no longer cleared between device assignment,\npossibly leading to data leaks.\n\n\ud83d\udccf Published: 2024-01-05T16:34:49.531Z\n\ud83d\udccf Modified: 2025-06-17T16:11:08.422Z\n\ud83d\udd17 References:\n1. https://xenbits.xenproject.org/xsa/advisory-445.html", "creation_timestamp": "2025-06-17T16:41:12.000000Z"}, {"uuid": "d2997638-d778-449e-b24d-33075bcffcd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46835", "type": "seen", "source": "https://t.me/arpsyndicate/2570", "content": "#ExploitObserverAlert\n\nCVE-2023-46835\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46835. The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels.  However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU.  On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will setup page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE.  Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks.", "creation_timestamp": "2024-01-06T18:46:03.000000Z"}]}