CVE-2023-34326

Name
CVE-2023-34326
Description
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security@xen.org https://xenbits.xenproject.org/xsa/advisory-442.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* xen == None == None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xen 3.16-main 4.16.6-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xen edge-main 4.18.2-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.20-main 4.18.3-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.19-main 4.18.3-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.18-main 4.17.5-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.17-main 4.16.6-r2 Natanael Copa <ncopa@alpinelinux.org> fixed