Is CVE-2023-46837 actively exploited?

CVE-2023-46837 has no public evidence of in-the-wild exploitation as of 2025-11-04.

What is the CVSS score for CVE-2023-46837?

CVE-2023-46837 has a CVSS score of 3.3 (LOW severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

How do I patch CVE-2023-46837?

Patch guidance is available from xen security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-46837.

CVE-2023-46837 - remediation guidance & executive summary

Description

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Weaknesses: CWE-119 · Memory Buffer Errors CWE-119 · Memory Buffer Errors

Metadata

Primary Vendor: XEN
Published: 1/5/2024
Last Modified: 11/4/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2023-46837

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary