5.3

CVE-2023-46839

EPSS 0.07%
Published 20.03.2024 11:15:08
Last modified 21.11.2024 20:15:36
Source security@xen.org
Teams watchlist Login
Open Login

PCI devices can make use of a functionality called phantom functions,
that when enabled allows the device to generate requests using the IDs
of functions that are otherwise unpopulated.  This allows a device to
extend the number of outstanding requests.

Such phantom functions need an IOMMU context setup, but failure to
setup the context is not fatal when the device is assigned.  Not
failing device assignment when such failure happens can lead to the
primary device being assigned to a guest, while some of the phantom
functions are assigned to a different domain.

Affected products Warnungen 0 Metrics 2 CWE 0 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorXen

≫

Product Xen

Default Statusunknown

Version consult Xen advisory XSA-449

Status unknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.219

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

https://xenbits.xenproject.org/xsa/advisory-449.html

https://nvd.nist.gov/vuln/detail/CVE-2023-46839

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46839

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46839

EUVD