Incorrect preprocessor directive placement in source code results in non-functional logic when HVM guests are compiled out of Xen
CVE-2023-46840

4.1MEDIUM

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 20 March 2024

🔔 Create Xen Project Vulnerability Alert

What is CVE-2023-46840?

A logic flaw in the Xen Hypervisor arises from the incorrect placement of a preprocessor directive within the source code. This misconfiguration leads to unintended behavior when the hypervisor support for hardware virtual machine (HVM) guests is disabled. The exploitation of this flaw could result in operational anomalies or inconsistencies, potentially impacting system reliability and security. It is essential for administrators to review their deployments of the Xen Hypervisor and ensure that they are updated to the latest versions to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Xen consult Xen advisory XSA-450

References

https://xenbits.xenproject.org/xsa/advisory-450.html

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Oct 27, 2023

Credit

This issue was discovered by Teddy Astie of Vates

JSON

Xen Project

What is CVE-2023-46840?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.