vulnerability

Debian: CVE-2023-46839: xen -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Mar 20, 2024	Jul 30, 2024	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Mar 20, 2024

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

PCI devices can make use of a functionality called phantom functions,
that when enabled allows the device to generate requests using the IDs
of functions that are otherwise unpopulated. This allows a device to
extend the number of outstanding requests.

Such phantom functions need an IOMMU context setup, but failure to
setup the context is not fatal when the device is assigned. Not
failing device assignment when such failure happens can lead to the
primary device being assigned to a guest, while some of the phantom
functions are assigned to a different domain.

Solution

debian-upgrade-xen

References

CVE-2023-46839
https://attackerkb.com/topics/CVE-2023-46839
EUVD-EUVD-2023-51005
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-51005

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report