Main Vulnerability Database SB2024121807

SB2024121807 - Information disclosure in Xen hypercall page implementation

Published: December 18, 2024

Security Bulletin ID SB2024121807

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-53241)

The vulnerability allows a malicious guest to gain access to sensitive information.

The vulnerability exists due to implemented mitigations for hardware vulnerabilities related to Xen hypercall page implementation the guest OS is relying on to work might not be fully functional, resulting in e.g. guest user processes being able to read data they ought not have access to.

Remediation

Install update from vendor's website.

References

https://xenbits.xen.org/xsa/advisory-466.html