mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
20 lines
1.0 KiB
JSON
20 lines
1.0 KiB
JSON
|
{
|
||
|
|
"id": "CVE-2023-46836",
|
||
|
|
"sourceIdentifier": "security@xen.org",
|
||
|
|
"published": "2024-01-05T17:15:11.197",
|
||
|
|
"lastModified": "2024-01-05T18:23:40.387",
|
||
|
|
"vulnStatus": "Awaiting Analysis",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative\nReturn Stack Overflow) are not IRQ-safe. It was believed that the\nmitigations always operated in contexts with IRQs disabled.\n\nHowever, the original XSA-254 fix for Meltdown (XPTI) deliberately left\ninterrupts enabled on two entry paths; one unconditionally, and one\nconditionally on whether XPTI was active.\n\nAs BTC/SRSO and Meltdown affect different CPU vendors, the mitigations\nare not active together by default. Therefore, there is a race\ncondition whereby a malicious PV guest can bypass BTC/SRSO protections\nand launch a BTC/SRSO attack against Xen.\n"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://xenbits.xenproject.org/xsa/advisory-446.html",
|
||
|
|
"source": "security@xen.org"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|