CVE-2023-46840

Advisory lineage Upstream: 0 Downstream: 7

Downstream

ALPINE-CVE-2023-46840 DEBIAN-CVE-2023-46840 MGASA-2024-0047 OPENSUSE-SU-2024:13648-1 SUSE-SU-2024:0266-1 SUSE-SU-2024:0830-1

Analyzed

Published: 20 Mar 2024, 10:40

Last modified:04 Nov 2025, 18:18

Vulnerability Summary

Overall Risk (default)

low

16/100

CVSS Score

4.1 MEDIUM

v3.1 (cve.org)

EPSS Score

0.07% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Mar 2024, 10:40

Published

Vulnerability first disclosed

04 Nov 2025, 18:18

Last Modified

Vulnerability information updated

Description

Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen.

CVSS Metrics

v3.1•MEDIUM•Score: 4.1CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS Trends

Current EPSS score: 0.07%• Percentile: 22%

Techniques & Countermeasures

CWE-670•Always-Incorrect Control Flow Implementation
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

Affected Systems

fedoraproject•fedora
39
xen•xen
≥ 4.17