CVE-2024-45819

libxl leaks data to PVH guests via ACPI tables

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

PVH guests have their ACPI tables constructed by the toolstack. The
construction involves building the tables in local memory, which are
then copied into guest memory. While actually used parts of the local
memory are filled in correctly, excess space that is being allocated is
left with its prior contents.

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.

*Credits: This issue was discovered by Jason Andryuk of AMD.

CVSS Scores

CISAv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-09 CVE Reserved
2024-12-19 CVE Published
2024-12-20 EPSS Updated
2024-12-31 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-276: Incorrect Default Permissions

CAPEC

References (5)

URL	Tag	Source
https://xenbits.xenproject.org/xsa/advisory-464.html
http://www.openwall.com/lists/oss-security/2024/11/12/1
http://www.openwall.com/lists/oss-security/2024/11/12/10
http://www.openwall.com/lists/oss-security/2024/11/12/7
http://xenbits.xen.org/xsa/advisory-464.html

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
-		-				-		-		-