CVE-2023-46840

Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://xenbits.xenproject.org/xsa/advisory-450.html	Patch Vendor Advisory
http://xenbits.xen.org/xsa/advisory-450.html	Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/	Mailing List Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-450.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-03-20 11:15

Updated : 2026-01-13 14:50

NVD link : CVE-2023-46840

Mitre link : CVE-2023-46840

CVE.ORG link : CVE-2023-46840

JSON object : View

Products Affected

xen

xen

fedoraproject

fedora

CWE

CWE-670

Always-Incorrect Control Flow Implementation

{"id": "CVE-2023-46840", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.5}]}, "published": "2024-03-20T11:15:08.180", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-450.html", "tags": ["Patch", "Vendor Advisory"], "source": "security@xen.org"}, {"url": "http://xenbits.xen.org/xsa/advisory-450.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://xenbits.xenproject.org/xsa/advisory-450.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-670"}]}], "descriptions": [{"lang": "en", "value": "Incorrect placement of a preprocessor directive in source code results\nin logic that doesn't operate as intended when support for HVM guests is\ncompiled out of Xen.\n"}, {"lang": "es", "value": "La ubicaci\u00f3n incorrecta de una directiva de preprocesador en el c\u00f3digo fuente da como resultado una l\u00f3gica que no funciona como se espera cuando el soporte para invitados HVM se compila desde Xen."}], "lastModified": "2026-01-13T14:50:49.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "1B149544-81AE-4439-B77E-F4C973187511", "versionStartIncluding": "4.17"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}], "operator": "OR"}]}], "sourceIdentifier": "security@xen.org"}