Main Vulnerability Database Vulnerabilities #VU101817

Processor optimization removal or modification of security-critical code in Xen - CVE-2024-53241

Published: December 18, 2024

Vulnerability identifier: #VU101817

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-53241

CWE-ID: CWE-1037

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a malicious guest to gain access to sensitive information.

The vulnerability exists due to implemented mitigations for hardware vulnerabilities related to Xen hypercall page implementation the guest OS is relying on to work might not be fully functional, resulting in e.g. guest user processes being able to read data they ought not have access to.

How to mitigate CVE-2024-53241

Install updates from vendor's website.

Sources

https://xenbits.xen.org/xsa/advisory-466.html

Processor optimization removal or modification of security-critical code in Xen - CVE-2024-53241

Detailed vulnerability description

How to mitigate CVE-2024-53241

Sources

Please verify you're human