CVE-2023-34326

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 5, 2024

Updated: Jan 11, 2024

Summary

CVE-2023-34326 is a vulnerability affecting some AMD processors. The issue stems from incorrect caching invalidation guidelines in the AMD-Vi specification (Rev. 3.07-PUB, Oct 2022). This misconfiguration can lead to devices malfunctioning due to stale DMA mappings. Consequently, unintended memory regions may become accessible, posing a potential security risk. The vulnerability arises when the IOMMU TLB is not properly flushed upon updating specific fields of the Device Tree Entry (DTE).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Affected Vendors

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ry4n1d
https://www.cve.org/CVERecord?id=CVE-2023-34326
https://nvd.nist.gov/vuln/detail/CVE-2023-34326

Back to Vulnerability Database