Fedora 37 update for xen
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-46835 CVE-2023-46836 |
| CWE-ID | CWE-264 CWE-254 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system xen Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU83162
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-46835
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote guest to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions caused by a mismatch in IOMMU quarantine page table levels. A device in quarantine mode can access data from previous quarantine page table usages, possibly leaking data used by previous domains that also had the device assigned.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 37
xen: before 4.16.5-4.fc37
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2023-e62da41072
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security features bypass
EUVDB-ID: #VU83163
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-46836
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote guest to bypass implemented security restrictions.
The vulnerability exists due to improper implementation of mitigations against BTC/SRSO. A malicious guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen, which can result in memory access to other guests.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 37
xen: before 4.16.5-4.fc37
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2023-e62da41072
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
