CVE-2023-34326

2024-01-0517:15:08

Debian Security Bug Tracker

security-tracker.debian.org

amd-vi

caching guidelines

hardware

stale dma mappings

unauthorized memory access

unix

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.9%

JSON

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.

OSVersionArchitecturePackageVersionFilename
Debian12allxen< 4.17.2+76-ge1f9cb16e2-1~deb12u1xen_4.17.2+76-ge1f9cb16e2-1~deb12u1_all.deb
Debian11allxen<= 4.14.6-1xen_4.14.6-1_all.deb
Debian10allxen<= 4.11.4+107-gef32c7afa2-1xen_4.11.4+107-gef32c7afa2-1_all.deb
Debian999allxen< 4.17.2+55-g0b56bed864-1xen_4.17.2+55-g0b56bed864-1_all.deb
Debian13allxen< 4.17.2+55-g0b56bed864-1xen_4.17.2+55-g0b56bed864-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xen	< 4.17.2+76-ge1f9cb16e2-1~deb12u1	xen_4.17.2+76-ge1f9cb16e2-1~deb12u1_all.deb
Debian	11	all	xen	<= 4.14.6-1	xen_4.14.6-1_all.deb
Debian	10	all	xen	<= 4.11.4+107-gef32c7afa2-1	xen_4.11.4+107-gef32c7afa2-1_all.deb
Debian	999	all	xen	< 4.17.2+55-g0b56bed864-1	xen_4.17.2+55-g0b56bed864-1_all.deb
Debian	13	all	xen	< 4.17.2+55-g0b56bed864-1	xen_4.17.2+55-g0b56bed864-1_all.deb