CVE-2023-46836

CVE-2023-46836

Name

CVE-2023-46836

Description

The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security@xen.org	https://xenbits.xenproject.org/xsa/advisory-446.html
af854a3a-2127-422b-91ae-364da2661108	http://xenbits.xen.org/xsa/advisory-446.html

Type

URI

security@xen.org

https://xenbits.xenproject.org/xsa/advisory-446.html

af854a3a-2127-422b-91ae-364da2661108

http://xenbits.xen.org/xsa/advisory-446.html

CPE URI	Source package	Min version	Max version
	xen	== consult Xen advisory XSA-446	== consult Xen advisory XSA-446

CPE URI

Source package

Min version

Max version

xen

== consult Xen advisory XSA-446

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
xen	edge-main	4.20.1-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.20.1-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.20.1-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.20.0-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.20.0-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.20.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.19.2-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.19.1-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.19.1-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.19.0-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.19.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.18.2-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.18.2-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.18.2-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.18.0-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.18.0-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.18.0-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.18.0-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.17.2-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.22-main	4.20.1-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.22-main	4.20.1-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.22-main	4.20.1-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.22-main	4.20.0-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.22-main	4.17.2-r4	None	fixed
xen	3.21-main	4.19.3-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.21-main	4.19.3-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.21-main	4.19.3-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.21-main	4.19.2-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.21-main	4.19.2-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.21-main	4.19.2-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.21-main	4.19.1-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.21-main	4.17.2-r4	None	fixed
xen	3.20-main	4.18.5-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.18.5-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.18.5-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.18.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.18.4-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.18.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.18.3-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.18.3-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.18.3-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.18.2-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.17.2-r4	None	fixed
xen	3.19-main	4.18.5-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.5-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.5-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.4-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.3-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.3-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.3-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.2-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.0-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.0-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.0-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.17.2-r4	None	fixed
xen	3.18-main	4.17.5-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.18-main	4.17.5-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.18-main	4.17.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.18-main	4.17.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.18-main	4.17.3-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.18-main	4.17.3-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.18-main	4.17.2-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.18-main	4.17.2-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.6-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.6-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.6-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.6-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.5-r7	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.5-r6	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.5-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.5-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.5-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages