
CVE-2023-46841 – x86: shadow stack vs exceptions from emulation stubs
https://notcve.org/view.php?id=CVE-2023-46841
20 Mar 2024 — Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). One sub-feature of this is Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so-called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possi... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A

CVE-2024-2193 – Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.
https://notcve.org/view.php?id=CVE-2024-2193
13 Mar 2024 — A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. • https://packetstorm.news/files/id/178597 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2023-46837 – arm32: The cache may not be properly cleaned/invalidated (take two)
https://notcve.org/view.php?id=CVE-2023-46837
05 Jan 2024 — Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then cause the cache cleaning/invalidation to be skipped. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-4... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-34321 – arm32: The cache may not be properly cleaned/invalidated
https://notcve.org/view.php?id=CVE-2023-34321
05 Jan 2024 — Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then cause the cache cleaning/invalidation to be skipped. Therefore there is no guarantee when all the writes will reach the memory. • https://xenbits.xenproject.org/xsa/advisory-437.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-34320 – arm: Guests can trigger a deadlock on Cortex-A77
https://notcve.org/view.php?id=CVE-2023-34320
08 Dec 2023 — Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. • https://xenbits.xenproject.org/xsa/advisory-436.html • CWE-667: Improper Locking

CVE-2023-46835 – x86/AMD: mismatch in IOMMU quarantine page table levels
https://notcve.org/view.php?id=CVE-2023-46835
16 Nov 2023 — The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However, dom_io being a PV domain gets the AMD-Vi IOMMU page table levels based on the maximum (hot-pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() w... • https://xenbits.xenproject.org/xsa/advisory-445.html • CWE-787: Out-of-bounds Write

CVE-2023-46836 – x86: BTC/SRSO fixes not fully effective
https://notcve.org/view.php?id=CVE-2023-46836
16 Nov 2023 — The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race... • https://xenbits.xenproject.org/xsa/advisory-446.html

CVE-2023-4949 – Memory Corruption Vulnerability in Grub-Legacy's XFS Implementation
https://notcve.org/view.php?id=CVE-2023-4949
10 Nov 2023 — An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way as to exploit a memory corruption in grub's XFS file system implementation. • https://xenbits.xenproject.org/xsa/advisory-443.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write

CVE-2023-34324 – Possible deadlock in Linux kernel event handling
https://notcve.org/view.php?id=CVE-2023-34324
02 Nov 2023 — Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not negligible. Note that 32-bit Arm-gues... • https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html • CWE-400: Uncontrolled Resource Consumption

CVE-2023-34323 – xenstored: A transaction conflict can crash C Xenstored
https://notcve.org/view.php?id=CVE-2023-34323
12 Oct 2023 — When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to a C Xenstored crash when tools are built without -DNDEBUG (this is the default). • https://xenbits.xenproject.org/xsa/advisory-440.html • CWE-476: NULL Pointer Dereference