3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest.
Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory.
This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.
A malicious guest may be able to read sensitive data from memory that previously belonged to another guest.
Systems running all version of Xen are affected.
Only systems running Xen on Arm 32-bit are vulnerable. Xen on Arm 64-bit is not affected.
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%