CVE-2023-46840 (GCVE-0-2023-46840)
Vulnerability from cvelistv5
Published
2024-03-20 10:40
Modified
2025-11-04 18:18
Severity ?
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen.
References
Impacted products
Vendor Product Version
Xen Xen Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:18:56.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://xenbits.xenproject.org/xsa/advisory-450.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/"
          },
          {
            "url": "http://xenbits.xen.org/xsa/advisory-450.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 4.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-46840",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T18:59:02.763689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T21:39:44.430Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Xen",
          "vendor": "Xen",
          "versions": [
            {
              "status": "unknown",
              "version": "consult Xen advisory XSA-450"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "Xen 4.17 and onwards are vulnerable.  Xen 4.16 and older are not\nvulnerable.\n\nOnly Xen running on x86 platforms with an Intel-compatible VT-d IOMMU is\nvulnerable.  Platforms from other manufacturers, or platforms without a\nVT-d IOMMU are not vulnerable.\n\nOnly systems where PCI devices are passed through to untrusted or\nsemi-trusted guests are vulnerable.  Systems which do not assign PCI\ndevices to untrusted guests are not vulnerable.\n\nXen is only vulnerable when CONFIG_HVM is disabled at build time.  Most\ndeployments of Xen are expected to have CONFIG_HVM enabled at build\ntime, and would therefore not be vulnerable.\n"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This issue was discovered by Teddy Astie of Vates\n"
        }
      ],
      "datePublic": "2024-01-30T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect placement of a preprocessor directive in source code results\nin logic that doesn\u0027t operate as intended when support for HVM guests is\ncompiled out of Xen.\n"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "When a device is removed from a domain, it is not properly quarantined\nand retains its access to the domain to which it was previously\nassigned.\n"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-20T10:40:18.050Z",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "url": "https://xenbits.xenproject.org/xsa/advisory-450.html"
        }
      ],
      "title": "VT-d: Failure to quarantine devices in !HVM builds",
      "workarounds": [
        {
          "lang": "en",
          "value": "There is no mitigation.\n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2023-46840",
    "datePublished": "2024-03-20T10:40:18.050Z",
    "dateReserved": "2023-10-27T07:55:35.333Z",
    "dateUpdated": "2025-11-04T18:18:56.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://xenbits.xenproject.org/xsa/advisory-450.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-450.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T18:18:56.351Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-46840\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-05T18:59:02.763689Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-05T18:59:07.632Z\"}}], \"cna\": {\"title\": \"VT-d: Failure to quarantine devices in !HVM builds\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"This issue was discovered by Teddy Astie of Vates\\n\"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"When a device is removed from a domain, it is not properly quarantined\\nand retains its access to the domain to which it was previously\\nassigned.\\n\"}]}], \"affected\": [{\"vendor\": \"Xen\", \"product\": \"Xen\", \"versions\": [{\"status\": \"unknown\", \"version\": \"consult Xen advisory XSA-450\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2024-01-30T12:00:00.000Z\", \"references\": [{\"url\": \"https://xenbits.xenproject.org/xsa/advisory-450.html\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There is no mitigation.\\n\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incorrect placement of a preprocessor directive in source code results\\nin logic that doesn\u0027t operate as intended when support for HVM guests is\\ncompiled out of Xen.\\n\"}], \"configurations\": [{\"lang\": \"en\", \"value\": \"Xen 4.17 and onwards are vulnerable.  Xen 4.16 and older are not\\nvulnerable.\\n\\nOnly Xen running on x86 platforms with an Intel-compatible VT-d IOMMU is\\nvulnerable.  Platforms from other manufacturers, or platforms without a\\nVT-d IOMMU are not vulnerable.\\n\\nOnly systems where PCI devices are passed through to untrusted or\\nsemi-trusted guests are vulnerable.  Systems which do not assign PCI\\ndevices to untrusted guests are not vulnerable.\\n\\nXen is only vulnerable when CONFIG_HVM is disabled at build time.  Most\\ndeployments of Xen are expected to have CONFIG_HVM enabled at build\\ntime, and would therefore not be vulnerable.\\n\"}], \"providerMetadata\": {\"orgId\": \"23aa2041-22e1-471f-9209-9b7396fa234f\", \"shortName\": \"XEN\", \"dateUpdated\": \"2024-03-20T10:40:18.050Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-46840\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T18:18:56.351Z\", \"dateReserved\": \"2023-10-27T07:55:35.333Z\", \"assignerOrgId\": \"23aa2041-22e1-471f-9209-9b7396fa234f\", \"datePublished\": \"2024-03-20T10:40:18.050Z\", \"assignerShortName\": \"XEN\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.