arm32: The cache may not be properly cleaned/invalidated (take two)
CVE-2023-46837

3.3LOW

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 5 January 2024

What is CVE-2023-46837?

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest.

Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory.

This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.

Affected Version(s)

Xen consult Xen advisory XSA-447

References

https://xenbits.xenproject.org/xsa/advisory-447.html

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2024
Vulnerability Reserved
Oct 27, 2023

Credit

This issue was discovered by Michal Orzel from AMD.