Home > Vulnerability Database > CVE-2023-34326

Mend.io Vulnerability Database

CVE-2023-34326

Date: January 5, 2024

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.

Language: C

Severity Score

4.0

Related Resources (5)

Url: https://seclists.org/oss-sec/2023/q4/72

Url: https://xenbits.xenproject.org/xsa/advisory-442.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-34326

Url: https://seclists.org/oss-sec/2023/q4/att-72/xsa442.patch

Url: https://www.mend.io/vulnerability-database/CVE-2023-34326

Severity Score

4.0

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3

Base Score:	4.0
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-34326

Date: January 5, 2024

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3

Do you need more information?