Main Vulnerability Database Vulnerabilities #VU101817

#VU101817 Processor optimization removal or modification of security-critical code in Xen - CVE-2024-53241

Published: December 18, 2024

Vulnerability identifier: #VU101817

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-53241

CWE-ID: CWE-1037

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows a malicious guest to gain access to sensitive information.

The vulnerability exists due to implemented mitigations for hardware vulnerabilities related to Xen hypercall page implementation the guest OS is relying on to work might not be fully functional, resulting in e.g. guest user processes being able to read data they ought not have access to.

Remediation

Install updates from vendor's website.

External links

https://xenbits.xen.org/xsa/advisory-466.html

#VU101817 Processor optimization removal or modification of security-critical code in Xen - CVE-2024-53241

Description

Remediation

External links

Please verify you're human