SB2025011663 - SUSE update for xen

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025011663

SB2025011663 - SUSE update for xen

Published: January 16, 2025

Security Bulletin ID SB2025011663
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-53241)

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a malicious guest to gain access to sensitive information.

The vulnerability exists due to implemented mitigations for hardware vulnerabilities related to Xen hypercall page implementation the guest OS is relying on to work might not be fully functional, resulting in e.g. guest user processes being able to read data they ought not have access to.


Remediation

Install update from vendor's website.

References