CVE-2023-46837
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
05/01/2024
Last modified:
16/06/2025
Description
Arm provides multiple helpers to clean & invalidate the cache<br />
for a given region. This is, for instance, used when allocating<br />
guest memory to ensure any writes (such as the ones during scrubbing)<br />
have reached memory before handing over the page to a guest.<br />
<br />
Unfortunately, the arithmetics in the helpers can overflow and would<br />
then result to skip the cache cleaning/invalidation. Therefore there<br />
is no guarantee when all the writes will reach the memory.<br />
<br />
This undefined behavior was meant to be addressed by XSA-437, but the<br />
approach was not sufficient.
Impact
Base Score 3.x
3.30
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:* | 4.16 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/
- https://xenbits.xenproject.org/xsa/advisory-447.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/
- https://xenbits.xenproject.org/xsa/advisory-447.html