vulnerability
SUSE: CVE-2023-46839: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jan 30, 2024 | Jan 31, 2024 | Feb 18, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jan 30, 2024
Added
Jan 31, 2024
Modified
Feb 18, 2025
Description
PCI devices can make use of a functionality called phantom functions,
that when enabled allows the device to generate requests using the IDs
of functions that are otherwise unpopulated. This allows a device to
extend the number of outstanding requests.
Such phantom functions need an IOMMU context setup, but failure to
setup the context is not fatal when the device is assigned. Not
failing device assignment when such failure happens can lead to the
primary device being assigned to a guest, while some of the phantom
functions are assigned to a different domain.
Solutions
suse-upgrade-xensuse-upgrade-xen-develsuse-upgrade-xen-doc-htmlsuse-upgrade-xen-libssuse-upgrade-xen-libs-32bitsuse-upgrade-xen-toolssuse-upgrade-xen-tools-domususe-upgrade-xen-tools-xendomains-wait-disk
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.