{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-34321","assignerOrgId":"23aa2041-22e1-471f-9209-9b7396fa234f","state":"PUBLISHED","assignerShortName":"XEN","dateReserved":"2023-06-01T10:44:17.065Z","datePublished":"2024-01-05T16:17:17.379Z","dateUpdated":"2025-11-04T19:16:34.429Z"},"containers":{"cna":{"title":"arm32: The cache may not be properly cleaned/invalidated","datePublic":"2023-09-05T07:03:00.000Z","descriptions":[{"lang":"en","value":"Arm provides multiple helpers to clean & invalidate the cache\nfor a given region.  This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation.  Therefore there\nis no guarantee when all the writes will reach the memory.\n"}],"impacts":[{"descriptions":[{"lang":"en","value":"A malicious guest may be able to read sensitive data from memory that\npreviously belonged to another guest.\n"}]}],"affected":[{"defaultStatus":"unknown","product":"Xen","vendor":"Xen","versions":[{"status":"unknown","version":"consult Xen advisory XSA-437"}]}],"configurations":[{"lang":"en","value":"Systems running all version of Xen are affected.\n\nOnly systems running Xen on Arm 32-bit are vulnerable.  Xen on Arm 64-bit\nis not affected.\n"}],"workarounds":[{"lang":"en","value":"There is no known mitigation.\n"}],"credits":[{"lang":"en","type":"finder","value":"This issue was discovered by Julien Grall of Amazon.\n"}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-437.html"}],"providerMetadata":{"orgId":"23aa2041-22e1-471f-9209-9b7396fa234f","shortName":"XEN","dateUpdated":"2024-01-05T16:17:17.379Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-437.html","tags":["x_transferred"]},{"url":"http://xenbits.xen.org/xsa/advisory-437.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T19:16:34.429Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":3.3,"attackVector":"LOCAL","baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-01-09T15:52:01.673224Z","id":"CVE-2023-34321","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-17T18:14:15.713Z"}}]}}