Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-46835 |
CWE-ID | CWE-264 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Xen Server applications / Virtualization software |
Vendor | Xen Project |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU83162
Risk: Medium
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46835
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote guest to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions caused by a mismatch in IOMMU quarantine page table levels. A device in quarantine mode can access data from previous quarantine page table usages, possibly leaking data used by previous domains that also had the device assigned.
Install updates from vendor's website.
Vulnerable software versionsXen: All versions
External linkshttp://xenbits.xen.org/xsa/advisory-445.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.