CVE-2023-34326
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed.
Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Xen | Xen | consult Xen advisory XSA-442 | unknown |
Weaknesses
Workarounds
Not passing through physical devices to guests will avoid the vulnerability.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.