SB2025011663 - SUSE update for xen
Published: January 16, 2025
Security Bulletin ID
SB2025011663
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-53241)
The vulnerability allows a malicious guest to gain access to sensitive information.
The vulnerability exists due to implemented mitigations for hardware vulnerabilities related to Xen hypercall page implementation the guest OS is relying on to work might not be fully functional, resulting in e.g. guest user processes being able to read data they ought not have access to.
Remediation
Install update from vendor's website.