Incorrect preprocessor directive placement in source code results in non-functional logic when HVM guests are compiled out of Xen
CVE-2023-46840

Currently unrated

Key Information:

CVE Published: 20 March 2024

What is CVE-2023-46840?

A logic flaw in the Xen hypervisor arises from the incorrect placement of a preprocessor directive in the source code. The misplaced directive leaves logic non-functional when hypervisor support for hardware virtual machine (HVM) guests is compiled out of Xen. Exploitation of this flaw could result in operational anomalies or inconsistencies, potentially impacting system reliability and security. Administrators should review their Xen deployments and ensure they are updated to the latest versions to mitigate the risks associated with this vulnerability.

Affected Version(s)

Xen: consult Xen advisory XSA-450

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Teddy Astie of Vates.