{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","type":"deb","namespace":"debian","name":"xen","version":"4.17.2+76-ge1f9cb16e2-1~deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.17.2+76-ge1f9cb16e2-1","latest_non_vulnerable_version":"4.20.2+7-g1badcf5035-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106511?format=json","vulnerability_id":"VCID-8r4d-1tcs-13gd","summary":"Arm provides multiple helpers to clean & invalidate the cache for a given region.  This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest.  Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation.  Therefore there is no guarantee when all the writes will reach the memory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34321","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17581","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17463","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17479","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17587","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17543","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34321"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34321","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34321"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051954","reference_id":"1051954","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051954"},{"reference_url":"https://xenbits.xenproject.org/xsa/advisory-437.html","reference_id":"advisory-437.html","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:52:01Z/"}],"url":"https://xenbits.xenproject.org/xsa/advisory-437.html"},{"reference_url":"https://security.gentoo.org/glsa/202409-10","reference_id":"GLSA-202409-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-10"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-437.html","reference_id":"XSA-437","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-437.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136178?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B55-g0b56bed864-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B55-g0b56bed864-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-34321","XSA-437"],"risk_score":0.8,"exploitability":"0.5","weighted_severity":"1.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8r4d-1tcs-13gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106512?format=json","vulnerability_id":"VCID-cgzn-pdre-1bec","summary":"For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode.  Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables.  For 64-bit PV guests this means running on the shadow of the guest root page table.  In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down.  This tearing down may include the shadow root page table that the CPU in question is presently running on.  While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34322","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18522","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18625","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18586","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18505","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18622","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34322"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34322","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34322"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://xenbits.xenproject.org/xsa/advisory-438.html","reference_id":"advisory-438.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T15:50:09Z/"}],"url":"https://xenbits.xenproject.org/xsa/advisory-438.html"},{"reference_url":"https://security.gentoo.org/glsa/202409-10","reference_id":"GLSA-202409-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-10"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-438.html","reference_id":"XSA-438","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-438.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136178?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B55-g0b56bed864-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B55-g0b56bed864-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-34322","XSA-438"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cgzn-pdre-1bec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106513?format=json","vulnerability_id":"VCID-cvj7-478z-x3b1","summary":"When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes.  It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction.  Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it.  This will lead to C Xenstored crash when tools are built without -DNDEBUG (this is the default).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34323","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25016","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25118","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25064","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25007","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25129","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34323"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://xenbits.xenproject.org/xsa/advisory-440.html","reference_id":"advisory-440.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:40:56Z/"}],"url":"https://xenbits.xenproject.org/xsa/advisory-440.html"},{"reference_url":"https://security.gentoo.org/glsa/202409-10","reference_id":"GLSA-202409-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-10"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-440.html","reference_id":"XSA-440","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-440.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136178?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B55-g0b56bed864-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B55-g0b56bed864-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-34323","XSA-440"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvj7-478z-x3b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106517?format=json","vulnerability_id":"VCID-dke6-vwb6-fuf4","summary":"[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]  AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions.  Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service.   1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of     a previous vCPUs debug mask state.   2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.     This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock     up the CPU entirely.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34328","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29587","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29548","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29515","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29483","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29497","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34328"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202409-10","reference_id":"GLSA-202409-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-10"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-444.html","reference_id":"XSA-444","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-444.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136178?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B55-g0b56bed864-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B55-g0b56bed864-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-34328","XSA-444"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dke6-vwb6-fuf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106518?format=json","vulnerability_id":"VCID-fwx8-9f5e-v7hw","summary":"The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels.  However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU.  On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will setup page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE.  Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46835","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24951","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25053","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24943","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25065","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46835"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056928","reference_id":"1056928","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056928"},{"reference_url":"https://xenbits.xenproject.org/xsa/advisory-445.html","reference_id":"advisory-445.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-12T04:00:28Z/"}],"url":"https://xenbits.xenproject.org/xsa/advisory-445.html"},{"reference_url":"https://security.gentoo.org/glsa/202409-10","reference_id":"GLSA-202409-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-10"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-445.html","reference_id":"XSA-445","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-445.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136183?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-46835","XSA-445"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwx8-9f5e-v7hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106514?format=json","vulnerability_id":"VCID-k6gh-hx5m-wba2","summary":"[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]  libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code.  libfsimage is used by pygrub to inspect guest disks.  Pygrub runs as the same user as the toolstack (root in a priviledged domain).  At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage.  After further analisys the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user priviledges.  In order to not affect current deployments that rely on pygrub patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode.  CVE-2023-4949 refers to the original issue in the upstream grub project (\"An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.\")  CVE-2023-34325 refers specifically to the vulnerabilities in Xen's copy of libfsimage, which is decended from a very old version of grub.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34325","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21567","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21662","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21617","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21559","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21676","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34325"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://xenbits.xenproject.org/xsa/advisory-443.html","reference_id":"advisory-443.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T18:38:25Z/"}],"url":"https://xenbits.xenproject.org/xsa/advisory-443.html"},{"reference_url":"https://security.gentoo.org/glsa/202409-10","reference_id":"GLSA-202409-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-10"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-443.html","reference_id":"XSA-443","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-443.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136178?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B55-g0b56bed864-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B55-g0b56bed864-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-34325","XSA-443"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6gh-hx5m-wba2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84016?format=json","vulnerability_id":"VCID-rm4s-2uwv-tkac","summary":"A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20588.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20588.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-20588","reference_id":"","reference_type":"","scores":[{"value":"0.04259","scoring_system":"epss","scoring_elements":"0.89002","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04259","scoring_system":"epss","scoring_elements":"0.89036","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04259","scoring_system":"epss","scoring_elements":"0.89019","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04259","scoring_system":"epss","scoring_elements":"0.8902","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-20588"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20588","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20588"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3268","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3268"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34319","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34319"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3609","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3609"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3863"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4273"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/27/1","reference_id":"1","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/27/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/04/1","reference_id":"1","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/04/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/03/12","reference_id":"12","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/03/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/03/13","reference_id":"13","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/03/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/03/14","reference_id":"14","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/03/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/03/15","reference_id":"15","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/03/15"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/03/16","reference_id":"16","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/03/16"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/04/2","reference_id":"2","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/04/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230125","reference_id":"2230125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230125"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/25/3","reference_id":"3","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/25/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/04/3","reference_id":"3","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/04/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/25/4","reference_id":"4","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/25/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/04/4","reference_id":"4","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/04/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/25/5","reference_id":"5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/25/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/26/5","reference_id":"5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/26/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/25/7","reference_id":"7","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/25/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/25/8","reference_id":"8","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/25/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/26/8","reference_id":"8","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/26/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/26/9","reference_id":"9","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/26/9"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/03/9","reference_id":"9","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/03/9"},{"reference_url":"http://xenbits.xen.org/xsa/advisory-439.html","reference_id":"advisory-439.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"http://xenbits.xen.org/xsa/advisory-439.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/","reference_id":"AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"},{"reference_url":"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007","reference_id":"AMD-SB-7007","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/","reference_id":"DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5480","reference_id":"dsa-5480","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"https://www.debian.org/security/2023/dsa-5480"},{"reference_url":"https://www.debian.org/security/2023/dsa-5492","reference_id":"dsa-5492","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"https://www.debian.org/security/2023/dsa-5492"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/","reference_id":"KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","reference_id":"msg00027.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240531-0005/","reference_id":"ntap-20240531-0005","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T14:23:03Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240531-0005/"},{"reference_url":"https://usn.ubuntu.com/6383-1/","reference_id":"USN-6383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6383-1/"},{"reference_url":"https://usn.ubuntu.com/6384-1/","reference_id":"USN-6384-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6384-1/"},{"reference_url":"https://usn.ubuntu.com/6386-1/","reference_id":"USN-6386-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6386-1/"},{"reference_url":"https://usn.ubuntu.com/6386-2/","reference_id":"USN-6386-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6386-2/"},{"reference_url":"https://usn.ubuntu.com/6386-3/","reference_id":"USN-6386-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6386-3/"},{"reference_url":"https://usn.ubuntu.com/6387-1/","reference_id":"USN-6387-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6387-1/"},{"reference_url":"https://usn.ubuntu.com/6387-2/","reference_id":"USN-6387-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6387-2/"},{"reference_url":"https://usn.ubuntu.com/6466-1/","reference_id":"USN-6466-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6466-1/"},{"reference_url":"https://usn.ubuntu.com/6577-1/","reference_id":"USN-6577-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6577-1/"},{"reference_url":"https://usn.ubuntu.com/6602-1/","reference_id":"USN-6602-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6602-1/"},{"reference_url":"https://usn.ubuntu.com/6604-1/","reference_id":"USN-6604-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6604-1/"},{"reference_url":"https://usn.ubuntu.com/6604-2/","reference_id":"USN-6604-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6604-2/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-439.html","reference_id":"XSA-439","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-439.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136178?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B55-g0b56bed864-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B55-g0b56bed864-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-20588","XSA-439"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rm4s-2uwv-tkac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106510?format=json","vulnerability_id":"VCID-sx9z-gbkd-8fgv","summary":"Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34320","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28221","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2817","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2813","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28087","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2809","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34320"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34320","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34320"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202409-10","reference_id":"GLSA-202409-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-10"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-436.html","reference_id":"XSA-436","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-436.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136181?format=json","purl":"pkg:deb/debian/xen@4.17.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-34320","XSA-436"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sx9z-gbkd-8fgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106515?format=json","vulnerability_id":"VCID-u4yc-hhne-2kaz","summary":"The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed.  Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34326","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27682","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27724","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27675","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27813","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34326"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://xenbits.xenproject.org/xsa/advisory-442.html","reference_id":"advisory-442.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-14T20:27:29Z/"}],"url":"https://xenbits.xenproject.org/xsa/advisory-442.html"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-442.html","reference_id":"XSA-442","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-442.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136178?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B55-g0b56bed864-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B55-g0b56bed864-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-34326","XSA-442"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4yc-hhne-2kaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106519?format=json","vulnerability_id":"VCID-vkt6-fjzc-4uay","summary":"The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe.  It was believed that the mitigations always operated in contexts with IRQs disabled.  However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active.  As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default.  Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46836","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06059","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06086","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06082","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06035","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06098","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46836"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056928","reference_id":"1056928","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056928"},{"reference_url":"https://xenbits.xenproject.org/xsa/advisory-446.html","reference_id":"advisory-446.html","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:16:12Z/"}],"url":"https://xenbits.xenproject.org/xsa/advisory-446.html"},{"reference_url":"https://security.gentoo.org/glsa/202409-10","reference_id":"GLSA-202409-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-10"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-446.html","reference_id":"XSA-446","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-446.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136183?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-46836","XSA-446"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vkt6-fjzc-4uay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106516?format=json","vulnerability_id":"VCID-x9md-fcrv-y7d8","summary":"[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]  AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions.  Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service.   1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of     a previous vCPUs debug mask state.   2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.     This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock     up the CPU entirely.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34327","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29497","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29548","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29515","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29483","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29587","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34327"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://xenbits.xenproject.org/xsa/advisory-444.html","reference_id":"advisory-444.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:36:52Z/"}],"url":"https://xenbits.xenproject.org/xsa/advisory-444.html"},{"reference_url":"https://security.gentoo.org/glsa/202409-10","reference_id":"GLSA-202409-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-10"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-444.html","reference_id":"XSA-444","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-444.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136178?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B55-g0b56bed864-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B55-g0b56bed864-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136177?format=json","purl":"pkg:deb/debian/xen@4.17.2%2B76-ge1f9cb16e2-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135900?format=json","purl":"pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qbn-f381-abhx"},{"vulnerability":"VCID-67uu-vpqg-gbc9"},{"vulnerability":"VCID-k5qj-xcvq-5ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135904?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135903?format=json","purl":"pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qmr-dc83-fqb1"},{"vulnerability":"VCID-67uu-vpqg-gbc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie"}],"aliases":["CVE-2023-34327"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9md-fcrv-y7d8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.2%252B76-ge1f9cb16e2-1~deb12u1%3Fdistro=trixie"}