Unrated severityNVD Advisory· Published Jan 5, 2024· Updated Nov 4, 2025
x86/AMD: missing IOMMU TLB flushing
CVE-2023-34326
Description
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed.
Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.
Affected products
31- osv-coords30 versionspkg:rpm/opensuse/xen&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/xen&distro=SUSE%20Manager%20Server%204.2
< 4.16.5_06-150400.4.37.1+ 29 more
- (no CPE)range: < 4.16.5_06-150400.4.37.1
- (no CPE)range: < 4.17.2_06-150500.3.12.1
- (no CPE)range: < 4.16.5_08-150400.4.40.1
- (no CPE)range: < 4.16.5_08-150400.4.40.1
- (no CPE)range: < 4.18.0_02-1.1
- (no CPE)range: < 4.14.6_06-150300.3.57.1
- (no CPE)range: < 4.12.4_40-150100.3.95.1
- (no CPE)range: < 4.13.5_06-150200.3.80.1
- (no CPE)range: < 4.14.6_06-150300.3.57.1
- (no CPE)range: < 4.14.6_06-150300.3.57.1
- (no CPE)range: < 4.14.6_06-150300.3.57.1
- (no CPE)range: < 4.14.6_06-150300.3.57.1
- (no CPE)range: < 4.16.5_06-150400.4.37.1
- (no CPE)range: < 4.16.5_06-150400.4.37.1
- (no CPE)range: < 4.17.2_06-150500.3.12.1
- (no CPE)range: < 4.16.5_06-150400.4.37.1
- (no CPE)range: < 4.17.2_06-150500.3.12.1
- (no CPE)range: < 4.16.5_06-150400.4.37.1
- (no CPE)range: < 4.17.2_06-150500.3.12.1
- (no CPE)range: < 4.12.4_40-3.97.1
- (no CPE)range: < 4.12.4_40-150100.3.95.1
- (no CPE)range: < 4.13.5_06-150200.3.80.1
- (no CPE)range: < 4.14.6_06-150300.3.57.1
- (no CPE)range: < 4.12.4_40-3.97.1
- (no CPE)range: < 4.12.4_40-150100.3.95.1
- (no CPE)range: < 4.13.5_06-150200.3.80.1
- (no CPE)range: < 4.14.6_06-150300.3.57.1
- (no CPE)range: < 4.12.4_40-3.97.1
- (no CPE)range: < 4.14.6_06-150300.3.57.1
- (no CPE)range: < 4.14.6_06-150300.3.57.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.