CVE-2023-34326

HIGH

AMD-Vi - Info Disclosure

Title source: llm

Description

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.

References (2)

[Various Sources] http://xenbits.xen.org/xsa/advisory-442.html

[Vendor Advisory] https://xenbits.xenproject.org/xsa/advisory-442.html

Scores

CVSS v3 7.8

EPSS 0.0010

EPSS Percentile 27.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-672

Status published

Products (1)

xen/xen

Published Jan 05, 2024

Tracked Since Feb 18, 2026