ALPINE-CVE-2023-46839
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 20 Mar 2024, 11:15
Last modified:03 Dec 2025, 22:53
Vulnerability Summary
Overall Risk (default)
low
21/100 CVSS Score
5.3 MEDIUM
3.1 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
20 Mar 2024, 11:15
Published
Vulnerability first disclosed
03 Dec 2025, 22:53
Last Modified
Vulnerability information updated
Description
PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to setup the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while some of the phantom functions are assigned to a different domain.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Systems
- alpine•xen
< 4.16.5-r6 | < 4.16.5-r6 | < 4.17.3-r0 | < 4.18.0-r3 | < 4.18.0-r3 | < 4.18.0-r3 | < 4.18.0-r3 | < 4.18.0-r3