Home > Vulnerability Database > CVE-2023-46837

Mend.io Vulnerability Database

CVE-2023-46837

Date: January 5, 2024

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.

Language: C

Severity Score

3.3

Related Resources (7)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/

Url: https://security-tracker.debian.org/tracker/CVE-2023-46837

Url: https://github.com/xen-project/xen/commit/190b7f49af6487a9665da63d43adc9d9a5fbd01e

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46837

Url: https://xenbits.xenproject.org/xsa/advisory-447.html

Url: https://www.mend.io/vulnerability-database/CVE-2023-46837

Severity Score

3.3

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46837

Date: January 5, 2024

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?