
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-46835 is a vulnerability discovered in the Xen hypervisor that affects AMD-based systems. The vulnerability stems from a mismatch in IOMMU quarantine page table levels. The issue was discovered by Roger Pau Monné of XenServer and publicly disclosed on November 14, 2023. The vulnerability specifically affects systems with AMD CPUs that utilize PCI device passthrough functionality (Xen Advisory).
The vulnerability occurs when the quarantine domain (dom_io) is initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48 bits) and hence 4 page-table levels. However, being a PV domain, it gets its AMD-Vi IOMMU page-table levels based on the maximum RAM address. On systems with no RAM above 512GB, only 3 page-table levels are configured in the IOMMU. This mismatch results in the last page-table directory entry (PDE) being interpreted as a page-table entry (PTE), allowing a device in quarantine mode to gain write access to the page destined to be a PDE (Xen Advisory). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).
Due to the page-table level mismatch, the sink page that the device gets read/write access to is no longer cleared between device assignments. This can lead to data leaks: a device in quarantine mode can read data left over from previous uses of the quarantine page tables, potentially exposing data used by previous domains that also had the device assigned (Xen Advisory).
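As an added illustration (not Xen's code), the following Python model derives the page-table level count both ways the advisory describes and then walks a 4-level quarantine table with a 3-level IOMMU configuration, showing that the device resolves to the last page-table page instead of the sink page. The table layout, frame numbers and the 512 GiB boundary arithmetic (9 index bits per level, 4 KiB pages) are assumptions of the model.

```python
# Constructed model of the CVE-2023-46835 level mismatch; not Xen source.
PAGE_SHIFT = 12                  # 4 KiB pages
PTE_PER_TABLE_SHIFT = 9          # 512 entries per table page
DEFAULT_DOMAIN_ADDRESS_WIDTH = 48  # width dom_io is initialised with


def levels_for_address_width(bits):
    """Page-table levels needed to cover a `bits`-wide address space."""
    levels = 1
    while PAGE_SHIFT + levels * PTE_PER_TABLE_SHIFT < bits:
        levels += 1
    return levels


def levels_for_max_ram(max_ram_bytes):
    """Levels a PV domain gets in the AMD-Vi IOMMU: derived from the top RAM address."""
    return levels_for_address_width(max(max_ram_bytes - 1, 0).bit_length())


def quarantine_levels_mismatch(max_ram_bytes):
    """True on systems where dom_io's 48-bit tables exceed the IOMMU's configured depth."""
    return levels_for_address_width(DEFAULT_DOMAIN_ADDRESS_WIDTH) != levels_for_max_ram(max_ram_bytes)


def build_quarantine_tables(levels, sink_frame):
    """Build `levels`-deep tables in which every index leads to the sink frame.

    Returns (root_frame, tables); tables maps a table's frame number to its 512 entries.
    Frame numbers are arbitrary constructed values."""
    tables, next_frame, target = {}, 0x1000, sink_frame
    for _ in range(levels):            # build leaf table first, root last
        tables[next_frame] = [target] * 512
        target, next_frame = next_frame, next_frame + 1
    return target, tables


def iommu_walk(root, tables, levels, addr):
    """Resolve `addr` the way hardware configured for `levels` levels would."""
    frame = root
    for lvl in range(levels, 0, -1):
        idx = (addr >> (PAGE_SHIFT + (lvl - 1) * PTE_PER_TABLE_SHIFT)) & 511
        frame = tables[frame][idx]
    return frame


def demo(max_ram_bytes, sink_frame=0xBEEF):
    """Return (dom_io levels, IOMMU levels, frame the device reaches, reached sink?)."""
    dom_levels = levels_for_address_width(DEFAULT_DOMAIN_ADDRESS_WIDTH)
    iommu_levels = levels_for_max_ram(max_ram_bytes)
    root, tables = build_quarantine_tables(dom_levels, sink_frame)
    resolved = iommu_walk(root, tables, iommu_levels, 0x1234000)
    return dom_levels, iommu_levels, resolved, resolved == sink_frame
```

With 256 GiB of RAM the walk stops one level early and lands on the leaf page-table page (frame 0x1000 in this model), which is exactly the page the advisory says the device gains write access to; with RAM above 512 GiB the depths agree and the sink page is reached.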
Several mitigation options are available: not passing through physical devices to guests will avoid the vulnerability, or not using quarantine scratch-page mode (though this could result in other issues). Additionally, Xen has released patches for various versions including Xen 4.15.x, 4.16.x, and 4.17.x to resolve the issue (Xen Advisory).
Source: This report was generated using AI