CVE & CISA-KEV Catalog

CVE-2023-46841

MEDIUM
6.5
CVSS v3
NVD

Description

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves kind of replaying of the instruction. Such replaying typically involves filling and then invoking of a stub. Such a replayed instruction may raise an exceptions, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn't right: Recovery involves removal of a call frame from the (traditional) stack. The counterpart of this operation for the shadow stack was missing.

How to fix

Remediation Available
xenDebian
Fixed in:4.17.5+23-ga4e5191dc0-1CVE-2023-46841
Fixed in:4.17.3+36-g54dacb5c02-1CVE-2023-46841
Fixed in:4.17.3+36-g54dacb5c02-1CVE-2023-46841

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeChanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploit Intelligence

0.27%probability of exploitation in 30 days
18thpercentile

Low risk: more likely to be exploited than 18% of all known CVEs.

References

Embed a live status badge for CVE-2023-46841
CVE-2023-46841 severity badge

Markdown

[![CVE-2023-46841](https://tridentstack.com/cve/badge/CVE-2023-46841.svg)](https://tridentstack.com/cve/CVE-2023-46841)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-46841"><img src="https://tridentstack.com/cve/badge/CVE-2023-46841.svg" alt="CVE-2023-46841"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-11-04.