CVE-2024-45818: Improper Locking in XEN

CWE-667: Improper Locking
7 documents | 6 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 57.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 19
Latest update: Mar 7

Description

The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a problem when emulating an instruction with two memory accesses, both of which touch VGA memory (plus some further constraints which aren't relevant here). When emulating the 2nd access, the lock that is already being held

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 2.0 | Impact: 4.0

Affected Packages (3 packages)

NVD | xen/xen | 4.6.0 | 4.20.0
Alpine | xen/xen | < 4.16.6-r3 | +6
Debian | xen/xen | < 4.17.5+23-ga4e5191dc0-1 | +2

Patches

🔴 Vulnerability Details (4)

OSV: CVE-2024-45818: The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode (2024-12-19)
OSV: CVE-2024-45818: The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode (2024-12-19)
CVEList: Deadlock in x86 HVM standard VGA handling (2024-12-19)
GHSA: GHSA-9ppw-wh7x-2qc9: The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode (2024-12-19)

📋 Vendor Advisories (1)

Debian: CVE-2024-45818: xen - The hypervisor contains code to accelerate VGA memory accesses for HVM guests, w... (2024)

💬 Community (1)

HackerOne: Deadlock in x86 HVM standard VGA handling (2025-03-07)