{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34321", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "state": "PUBLISHED", "assignerShortName": "XEN", "dateReserved": "2023-06-01T10:44:17.065Z", "datePublished": "2024-01-05T16:17:17.379Z", "dateUpdated": "2024-08-02T16:10:06.437Z"}, "containers": {"cna": {"title": "arm32: The cache may not be properly cleaned/invalidated", "datePublic": "2023-09-05T07:03:00Z", "descriptions": [{"lang": "en", "value": "Arm provides multiple helpers to clean & invalidate the cache\nfor a given region. This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation. Therefore there\nis no guarantee when all the writes will reach the memory.\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "A malicious guest may be able to read sensitive data from memory that\npreviously belonged to another guest.\n"}]}], "affected": [{"defaultStatus": "unknown", "product": "Xen", "vendor": "Xen", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-437"}]}], "configurations": [{"lang": "en", "value": "Systems running all version of Xen are affected.\n\nOnly systems running Xen on Arm 32-bit are vulnerable. Xen on Arm 64-bit\nis not affected.\n"}], "workarounds": [{"lang": "en", "value": "There is no known mitigation.\n"}], "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered by Julien Grall of Amazon.\n"}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-437.html"}], "providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2024-01-05T16:17:17.379Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:10:06.437Z"}, "title": "CVE Program Container", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-437.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*", "matchCriteriaId": "9E211AB0-41AD-40D0-AF03-D285F42C6163", "versionEndIncluding": "4.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Arm provides multiple helpers to clean & invalidate the cache\nfor a given region. This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation. Therefore there\nis no guarantee when all the writes will reach the memory.\n"}, {"lang": "es", "value": "Arm proporciona m\u00faltiples ayudas para limpiar e invalidar el cach\u00e9 de una regi\u00f3n determinada. Esto se utiliza, por ejemplo, al asignar memoria de invitado para garantizar que cualquier escritura (como las que se realizan durante la depuraci\u00f3n) haya llegado a la memoria antes de entregar la p\u00e1gina a un invitado. Desafortunadamente, la aritm\u00e9tica en los asistentes puede desbordarse y entonces se omitir\u00eda la limpieza/invalidaci\u00f3n de la cach\u00e9. Por lo tanto, no hay garant\u00eda de cu\u00e1ndo todas las escrituras llegar\u00e1n a la memoria."}], "id": "CVE-2023-34321", "lastModified": "2024-01-11T17:08:05.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-05T17:15:08.357", "references": [{"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-437.html"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}