Protecting Against Return Oriented Programming Attacks with CET-SS
CVE-2023-46841

6.5 MEDIUM

Key Information:

Vendor: Xen
CVE Published: 20 March 2024

What is CVE-2023-46841?

A vulnerability in the Xen Hypervisor arises from the interaction between Control-flow Enforcement Technology (CET) and its sub-feature, Shadow Stacks. Shadow Stacks are designed to protect against Return Oriented Programming attacks by maintaining a separate, non-writable stack that holds only return addresses. However, certain memory accesses that are essential for correct operation are not intercepted, which leads to a faulty emulation path involving instruction replay. The flaw occurs during recovery: a call frame is removed from the regular stack without the corresponding frame being removed from the shadow stack, so the two stacks fall out of sync and the integrity of the recorded return addresses can no longer be guaranteed.

Affected Version(s)

Xen: consult Xen advisory XSA-451.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed


Credit

This issue was discovered by Jan Beulich of SUSE.