Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-34321

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory.

Published

2024-01-05T17:15:08.357

Last Modified

2025-11-04T20:16:30.183

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

Weaknesses

Type: Primary
CWE-119
Type: Secondary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	xen	xen	≤ 4.16	Yes

References

https://xenbits.xenproject.org/xsa/advisory-437.html Patch, Vendor Advisory ([email protected])
http://xenbits.xen.org/xsa/advisory-437.html (af854a3a-2127-422b-91ae-364da2661108)
https://xenbits.xenproject.org/xsa/advisory-437.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)