cve-2024-45819
Vulnerability from cvelistv5
Published
2024-12-19 12:00
Modified
2024-12-19 12:04
Severity ?
Summary
PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents.
References
security@xen.orghttps://xenbits.xenproject.org/xsa/advisory-464.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/11/12/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/11/12/10
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/11/12/7
af854a3a-2127-422b-91ae-364da2661108http://xenbits.xen.org/xsa/advisory-464.html
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-19T12:04:50.065Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/12/1"
          },
          {
            "url": "http://xenbits.xen.org/xsa/advisory-464.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/12/10"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/12/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Xen",
          "vendor": "Xen",
          "versions": [
            {
              "status": "unknown",
              "version": "consult Xen advisory XSA-464"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "Xen versions 4.8 and onwards are vulnerable.  Xen 4.7 and older are not\nvulnerable.\n\nOnly x86 systems running PVH guests are vulnerable.  Architectures other\nthan x86 are not vulnerable.\n\nOnly PVH guests can leverage the vulnerability.  HVM and PV guests\ncannot leverage the vulnerability.  Note that PV guests when run inside\nthe (PVH) shim can\u0027t leverage the vulnerability."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This issue was discovered by Jason Andryuk of AMD."
        }
      ],
      "datePublic": "2024-11-12T12:00:00Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PVH guests have their ACPI tables constructed by the toolstack.  The\nconstruction involves building the tables in local memory, which are\nthen copied into guest memory.  While actually used parts of the local\nmemory are filled in correctly, excess space that is being allocated is\nleft with its prior contents."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "An unprivileged guest may be able to access sensitive information\npertaining to the host, control domain, or other guests."
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T12:00:50.271Z",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "url": "https://xenbits.xenproject.org/xsa/advisory-464.html"
        }
      ],
      "title": "libxl leaks data to PVH guests via ACPI tables",
      "workarounds": [
        {
          "lang": "en",
          "value": "Running only PV or HVM guests will avoid this vulnerability."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2024-45819",
    "datePublished": "2024-12-19T12:00:50.271Z",
    "dateReserved": "2024-09-09T14:43:11.826Z",
    "dateUpdated": "2024-12-19T12:04:50.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45819\",\"sourceIdentifier\":\"security@xen.org\",\"published\":\"2024-12-19T12:15:16.673\",\"lastModified\":\"2024-12-19T12:15:16.673\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PVH guests have their ACPI tables constructed by the toolstack.  The\\nconstruction involves building the tables in local memory, which are\\nthen copied into guest memory.  While actually used parts of the local\\nmemory are filled in correctly, excess space that is being allocated is\\nleft with its prior contents.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-464.html\",\"source\":\"security@xen.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/11/12/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/11/12/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/11/12/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-464.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.