{"id":"CVE-2023-46836","details":"The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative\nReturn Stack Overflow) are not IRQ-safe.  It was believed that the\nmitigations always operated in contexts with IRQs disabled.\n\nHowever, the original XSA-254 fix for Meltdown (XPTI) deliberately left\ninterrupts enabled on two entry paths; one unconditionally, and one\nconditionally on whether XPTI was active.\n\nAs BTC/SRSO and Meltdown affect different CPU vendors, the mitigations\nare not active together by default.  Therefore, there is a race\ncondition whereby a malicious PV guest can bypass BTC/SRSO protections\nand launch a BTC/SRSO attack against Xen.\n","modified":"2026-02-05T07:53:19.933609Z","published":"2024-01-05T17:15:11Z","related":["SUSE-SU-2023:4466-1","SUSE-SU-2023:4475-1","SUSE-SU-2023:4476-1","SUSE-SU-2023:4484-1","SUSE-SU-2023:4485-1","SUSE-SU-2023:4486-1","SUSE-SU-2023:4945-1","openSUSE-SU-2024:13442-1"],"references":[{"type":"ADVISORY","url":"https://xenbits.xenproject.org/xsa/advisory-446.html"},{"type":"FIX","url":"https://xenbits.xenproject.org/xsa/advisory-446.html"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}