Home > Vulnerability Database > CVE-2023-34321

Mend.io Vulnerability Database

CVE-2023-34321

Date: January 5, 2024

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory.

Language: C

Severity Score

3.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-34321

Url: https://github.com/xen-project/xen/commit/9a216e92de9f9011097e4f1fb55ff67ba0a21704

Url: https://xenbits.xenproject.org/xsa/advisory-437.html

Url: https://seclists.org/oss-sec/2023/q3/153

Url: https://www.mend.io/vulnerability-database/CVE-2023-34321

Severity Score

3.3

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-34321

Date: January 5, 2024

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?