Alpine: multiple xen packages: security update to 4.17.2-r4

medium Tenable Self-Hosted Container Security Plugin ID 424698

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been
initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels.
However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot
pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are
configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will
setup page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels
only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and
hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page
table level mismatch, the sink page the device gets read/write access to is no longer cleared between
device assignment, possibly leading to data leaks. (CVE-2023-46835)

- The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-
safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the
original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one
unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect
different CPU vendors, the mitigations are not active together by default. Therefore, there is a race
condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack
against Xen. (CVE-2023-46836)

See Also

https://security.alpinelinux.org/vuln/CVE-2023-46835

https://security.alpinelinux.org/vuln/CVE-2023-46836

Plugin Details

Severity: Medium

ID: 424698

Version: Revision 1.14

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.51

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2023-46835

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/15/2023

Reference Information

CVE: CVE-2023-46835, CVE-2023-46836

IAVB: 2023-B-0090-S