{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T20:55:49.918","vulnerabilities":[{"cve":{"id":"CVE-2023-46841","sourceIdentifier":"security@xen.org","published":"2024-03-20T11:15:08.220","lastModified":"2025-11-04T19:16:05.413","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Recent x86 CPUs offer functionality named Control-flow Enforcement\nTechnology (CET).  A sub-feature of this are Shadow Stacks (CET-SS).\nCET-SS is a hardware feature designed to protect against Return Oriented\nProgramming attacks. When enabled, traditional stacks holding both data\nand return addresses are accompanied by so called \"shadow stacks\",\nholding little more than return addresses.  Shadow stacks aren't\nwritable by normal instructions, and upon function returns their\ncontents are used to check for possible manipulation of a return address\ncoming from the traditional stack.\n\nIn particular certain memory accesses need intercepting by Xen.  In\nvarious cases the necessary emulation involves kind of replaying of\nthe instruction.  Such replaying typically involves filling and then\ninvoking of a stub.  Such a replayed instruction may raise an\nexceptions, which is expected and dealt with accordingly.\n\nUnfortunately the interaction of both of the above wasn't right:\nRecovery involves removal of a call frame from the (traditional) stack.\nThe counterpart of this operation for the shadow stack was missing."},{"lang":"es","value":"Las CPU x86 recientes ofrecen una funcionalidad denominada Control-flow Enforcement Technology (CET). Una subcaracterística de esto son Shadow Stacks (CET-SS). CET-SS es una característica de hardware manipulada para proteger contra ataques de programación orientada al retorno. Cuando están habilitadas, las pilas tradicionales que contienen datos y direcciones de retorno van acompañadas de las llamadas \"pilas ocultas\", que contienen poco más que direcciones de retorno. Las pilas de sombra no se pueden escribir mediante instrucciones normales y, cuando la función regresa, su contenido se usa para verificar una posible manipulación de una dirección de retorno proveniente de la pila tradicional. En particular, ciertos accesos a la memoria necesitan ser interceptados por Xen. En varios casos, la emulación necesaria implica una especie de repetición de la instrucción. Esta reproducción normalmente implica llenar y luego invocar un trozo. Una instrucción repetida de este tipo puede generar excepciones, lo cual se espera y se trata en consecuencia. Desafortunadamente, la interacción de los dos anteriores no fue correcta: la recuperación implica la eliminación de un marco de llamada de la pila (tradicional). Faltaba la contraparte de esta operación para la pila de sombra."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*","matchCriteriaId":"CA277A6C-83EC-4536-9125-97B84C4FAF59"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*","versionStartIncluding":"4.14.0","matchCriteriaId":"73CA7EB6-4464-4294-B859-0C8DD3AB7E86"}]}]}],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/","source":"security@xen.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://xenbits.xenproject.org/xsa/advisory-451.html","source":"security@xen.org","tags":["Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/advisory-451.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HES2IJXZY3H7HBPP4NVSVYYNGW254DMI/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://xenbits.xenproject.org/xsa/advisory-451.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}