CVE-2024-53241 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 98.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 24
Latest updateAug 14
Description
In the Linux kernel, the following vulnerability has been resolved:
x86/xen: don't do PV iret hypercall through hypercall page
Instead of jumping to the Xen hypercall page for doing the iret
hypercall, directly code the required sequence in xen-asm.S.
This is done in preparation of no longer using hypercall page at all,
as it has shown to cause problems with speculation mitigations.
This is part of XSA-466 / CVE-2024-53241.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linuxcdacc1278b12d929f9a053c245ff3d16eb7af9f8 — 05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5+6
Patches
🔴Vulnerability Details
9OSV▶
CVE-2024-53241: In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to t↗2024-12-24
GHSA▶
GHSA-w2vx-fp9q-36ph: In the Linux kernel, the following vulnerability has been resolved:
x86/xen: don't do PV iret hypercall through hypercall page
Instead of jumping to↗2024-12-24