CVE-2023-34326
Last modified
CVE-2023-34326 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions. . EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-34326?
How severe is CVE-2023-34326?
How do I fix CVE-2023-34326?
Are you affected by CVE-2023-34326?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST