mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
18 lines
1.3 KiB
Markdown
### [CVE-2023-46842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46842)

### Description
Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to.

When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values.

Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds