x86/AMD: mismatch in IOMMU quarantine page table levels
CVE-2023-46835

5.5MEDIUM

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 5 January 2024

What is CVE-2023-46835?

A critical issue arises within the Xen Hypervisor where the initialization of quarantine page tables does not align with the actual IOMMU configuration. The mismatch occurs because the quarantine domain, assumed to have a default address width, may only support a maximum of three page table levels on systems with less than 512GB of RAM. This leads to scenarios where a device in quarantine mode could potentially gain unauthorized write access, compromising sensitive information that should remain isolated. The implications of this vulnerability suggest a significant risk of data leaks through improper handling of page tables during device assignment. Remediation is essential to ensure the integrity and confidentiality of data within the hypervisor environment.

Affected Version(s)

Xen consult Xen advisory XSA-445

References

https://xenbits.xenproject.org/xsa/advisory-445.html

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2024
Vulnerability Reserved
Oct 27, 2023

Credit

This issue was discovered by Roger Pau Monné of XenServer.