x86/AMD: missing IOMMU TLB flushing
CVE-2023-34326

7.8 HIGH

Key Information:

Status
Vendor
CVE Published: 5 January 2024

What is CVE-2023-34326?

The vulnerability arises from flawed cache invalidation guidance in the AMD-Vi documentation, which can leave device memory mappings inconsistent. In certain hardware configurations, when specific fields within the Device Table Entry (DTE) are modified without a corresponding flush of the Input/Output Memory Management Unit (IOMMU) Translation Lookaside Buffer (TLB), devices may retain stale Direct Memory Access (DMA) mappings. These stale mappings can point to memory that is not allocated to the respective guest, potentially granting access to unintended memory regions and compromising system integrity and confidentiality.
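The stale-mapping condition described above can be seen in a small model. This is an added example, not Xen or AMD code: it models one device with a single cached translation, and the DTE fields used (domain ID, page-table root), the frame numbers and all function names are assumptions chosen for illustration, since the page does not say which fields are affected.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NPAGES 4
struct dte   { uint16_t domain_id; const uint64_t *pt_root; }; /* Device Table Entry (modelled) */
struct iotlb { bool valid; uint64_t iova_pfn, host_pfn; };     /* one cached translation */

/* Per-guest I/O page tables: index = IOVA frame, value = host frame (constructed). */
static const uint64_t guest_a_pt[NPAGES] = {0x100, 0x101, 0x102, 0x103};
static const uint64_t guest_b_pt[NPAGES] = {0x200, 0x201, 0x202, 0x203};
static struct dte dev_dte;
static struct iotlb dev_tlb;

void iotlb_flush(void) { dev_tlb.valid = false; }

/* Device-side translation: a TLB hit never re-reads the DTE. */
uint64_t dma_translate(uint64_t iova_pfn) {
    if (iova_pfn >= NPAGES) return 0;                  /* unmapped in this model */
    if (dev_tlb.valid && dev_tlb.iova_pfn == iova_pfn)
        return dev_tlb.host_pfn;
    dev_tlb = (struct iotlb){ true, iova_pfn, dev_dte.pt_root[iova_pfn] };
    return dev_tlb.host_pfn;
}

/* Hypervisor-side DTE update; 'flush' selects the missing-flush or corrected path. */
void dte_update(uint16_t domid, const uint64_t *root, bool flush) {
    dev_dte.domain_id = domid;
    dev_dte.pt_root = root;
    if (flush) iotlb_flush();
}

/* Move the device from guest A to guest B, then return the host frame
 * that a DMA to IOVA frame 1 reaches afterwards. */
uint64_t reassign_then_dma(bool flush) {
    dte_update(1, guest_a_pt, true);
    dma_translate(1);                  /* guest A's DMA warms the cache: 1 -> 0x101 */
    dte_update(2, guest_b_pt, flush);
    return dma_translate(1);
}

/* Check: does this host frame belong to guest B's table? */
bool owned_by_guest_b(uint64_t host_pfn) {
    for (int i = 0; i < NPAGES; i++)
        if (guest_b_pt[i] == host_pfn) return true;
    return false;
}

int main(void) {
    uint64_t stale = reassign_then_dma(false), fresh = reassign_then_dma(true);
    printf("no flush: 0x%llx owned_by_b=%d\n", (unsigned long long)stale, owned_by_guest_b(stale));
    printf("flush:    0x%llx owned_by_b=%d\n", (unsigned long long)fresh, owned_by_guest_b(fresh));
    return 0;
}
```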

Affected Version(s)

Xen: consult Xen advisory XSA-442

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Roger Pau Monné of XenServer.