VDB
ALPINE-CVE-2023-34326
ALPINE-CVE-2023-34326
PUBLISHED
CVSS 7.800000190734863 HIGH
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.15 | xen | 4.12.1-r2, 4.12.1-r1, 4.12.1-r0 |
| Alpine:v3.19 | xen | 4.1.2-r6, 4.1.2-r7, 4.10.0-r0 |
| Alpine:v3.16 | xen | 4.13.0-r1, 4.16.3-r0, 4.16.2-r0 |
| Alpine:v3.18 | xen | 4.5.1-r2, 0, 4.0.1-r0 |
| Alpine:v3.17 | xen | 4.6.1-r0, 4.6.0-r5, 4.6.0-r4 |
| Alpine:v3.23 | xen | 4.14.1-r0, 4.14.1-r1, 4.14.1-r2 |
| Alpine:v3.20 | xen | 4.14.0-r3, 4.14.0-r2, 4.14.0-r1 |
| Alpine:v3.22 | xen | 4.13.0-r4, 4.0.1-r2, 4.0.1-r3 |
| Alpine:v3.21 | xen | 4.9.1-r3, 4.9.1-r2, 4.9.1-r1 |
Timeline
- Jan 5, 2024 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch