VDB
DEBIAN-CVE-2023-34326
DEBIAN-CVE-2023-34326
PUBLISHED
CVSS 7.800000190734863 HIGH
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | xen | 0, 0, 0 |
| Debian:12 | xen | 4.17.1+2-gb773c48e36-1, 4.17.2+55-g0b56bed864-1, 4.17.2-1 |
| Debian:11 | xen | *, *, 4.16.2-2 |
| Debian:14 | xen | 0, 0, 0 |
Timeline
- Jan 5, 2024 CVE Published
- Apr 28, 2026 CVE Updated