Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-34326

Published: 05/01/2024 Updated: 11/01/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Xen

Vulnerability Summary

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen

Vendor Advisories

Citrix Security Bulletins: Citrix Hypervisor Multiple Security Updates
Description of Problem Several issues have been discovered that affect Citrix Hypervisor 82 CU1 LTSR and may allow malicious privileged code in a guest VM to:i)  Compromise an AMD-based host via a passed through PCI device: CVE-2023-34326ii)  Compromise the host when a specific administrative action is taken (see Mitigating Factors below ...

References

NVD-CWE-noinfohttps://xenbits.xenproject.org/xsa/advisory-442.htmlhttps://nvd.nist.govhttps://support.citrix.com/article/CTX575089
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook