Home > Vulnerability Database > CVE-2023-34326

Mend.io Vulnerability Database

CVE-2023-34326

Date: January 5, 2024

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.

Language: C

Severity Score

7.8

Related Resources (5)

Url: https://seclists.org/oss-sec/2023/q4/72

Url: https://xenbits.xenproject.org/xsa/advisory-442.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-34326

Url: https://seclists.org/oss-sec/2023/q4/att-72/xsa442.patch

Url: https://www.mend.io/vulnerability-database/CVE-2023-34326

Severity Score

7.8

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Operation on a Resource after Expiration or Release

CWE-672

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-34326

Date: January 5, 2024

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?