CVE-2024-45819 (GCVE-0-2024-45819)

Vulnerability from cvelistv5 – Published: 2024-12-19 12:00 – Updated: 2024-12-31 18:57
VLAI
Title
libxl leaks data to PVH guests via ACPI tables
Summary
PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents.
Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
XEN
References
Impacted products
Vendor Product Version
Xen Xen Unknown: consult Xen advisory XSA-464
Create a notification for this product.
Date Public
2024-11-12 12:00
Credits
This issue was discovered by Jason Andryuk of AMD.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-19T12:04:50.065Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/12/1"
          },
          {
            "url": "http://xenbits.xen.org/xsa/advisory-464.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/12/10"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/12/7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45819",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-31T18:56:31.915960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-276",
                "description": "CWE-276 Incorrect Default Permissions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-31T18:57:41.513Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Xen",
          "vendor": "Xen",
          "versions": [
            {
              "status": "unknown",
              "version": "consult Xen advisory XSA-464"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "Xen versions 4.8 and onwards are vulnerable.  Xen 4.7 and older are not\nvulnerable.\n\nOnly x86 systems running PVH guests are vulnerable.  Architectures other\nthan x86 are not vulnerable.\n\nOnly PVH guests can leverage the vulnerability.  HVM and PV guests\ncannot leverage the vulnerability.  Note that PV guests when run inside\nthe (PVH) shim can\u0027t leverage the vulnerability."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This issue was discovered by Jason Andryuk of AMD."
        }
      ],
      "datePublic": "2024-11-12T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PVH guests have their ACPI tables constructed by the toolstack.  The\nconstruction involves building the tables in local memory, which are\nthen copied into guest memory.  While actually used parts of the local\nmemory are filled in correctly, excess space that is being allocated is\nleft with its prior contents."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "An unprivileged guest may be able to access sensitive information\npertaining to the host, control domain, or other guests."
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T12:00:50.271Z",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "url": "https://xenbits.xenproject.org/xsa/advisory-464.html"
        }
      ],
      "title": "libxl leaks data to PVH guests via ACPI tables",
      "workarounds": [
        {
          "lang": "en",
          "value": "Running only PV or HVM guests will avoid this vulnerability."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2024-45819",
    "datePublished": "2024-12-19T12:00:50.271Z",
    "dateReserved": "2024-09-09T14:43:11.826Z",
    "dateUpdated": "2024-12-31T18:57:41.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-45819",
      "date": "2026-05-29",
      "epss": "0.00103",
      "percentile": "0.27806"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"PVH guests have their ACPI tables constructed by the toolstack.  The\\nconstruction involves building the tables in local memory, which are\\nthen copied into guest memory.  While actually used parts of the local\\nmemory are filled in correctly, excess space that is being allocated is\\nleft with its prior contents.\"}, {\"lang\": \"es\", \"value\": \"Las tablas ACPI de los invitados PVH se construyen mediante la pila de herramientas. La construcci\\u00f3n implica la creaci\\u00f3n de las tablas en la memoria local, que luego se copian en la memoria del invitado. Si bien las partes realmente utilizadas de la memoria local se completan correctamente, el espacio sobrante que se est\\u00e1 asignando se deja con su contenido anterior.\"}]",
      "id": "CVE-2024-45819",
      "lastModified": "2024-12-31T19:15:46.797",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-12-19T12:15:16.673",
      "references": "[{\"url\": \"https://xenbits.xenproject.org/xsa/advisory-464.html\", \"source\": \"security@xen.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/11/12/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/11/12/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/11/12/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-464.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@xen.org",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45819\",\"sourceIdentifier\":\"security@xen.org\",\"published\":\"2024-12-19T12:15:16.673\",\"lastModified\":\"2026-01-14T20:41:34.743\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PVH guests have their ACPI tables constructed by the toolstack.  The\\nconstruction involves building the tables in local memory, which are\\nthen copied into guest memory.  While actually used parts of the local\\nmemory are filled in correctly, excess space that is being allocated is\\nleft with its prior contents.\"},{\"lang\":\"es\",\"value\":\"Las tablas ACPI de los invitados PVH se construyen mediante la pila de herramientas. La construcci\u00f3n implica la creaci\u00f3n de las tablas en la memoria local, que luego se copian en la memoria del invitado. Si bien las partes realmente utilizadas de la memoria local se completan correctamente, el espacio sobrante que se est\u00e1 asignando se deja con su contenido anterior.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"versionStartIncluding\":\"4.8.0\",\"matchCriteriaId\":\"9127B262-55D3-480D-AED0-D0A33D99D278\"}]}]}],\"references\":[{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-464.html\",\"source\":\"security@xen.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/11/12/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/11/12/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/11/12/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-464.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/11/12/1\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-464.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/11/12/10\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/11/12/7\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-12-19T12:04:50.065Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45819\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-31T18:56:31.915960Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-276\", \"description\": \"CWE-276 Incorrect Default Permissions\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-31T18:57:03.310Z\"}}], \"cna\": {\"title\": \"libxl leaks data to PVH guests via ACPI tables\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"This issue was discovered by Jason Andryuk of AMD.\"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"An unprivileged guest may be able to access sensitive information\\npertaining to the host, control domain, or other guests.\"}]}], \"affected\": [{\"vendor\": \"Xen\", \"product\": \"Xen\", \"versions\": [{\"status\": \"unknown\", \"version\": \"consult Xen advisory XSA-464\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2024-11-12T12:00:00.000Z\", \"references\": [{\"url\": \"https://xenbits.xenproject.org/xsa/advisory-464.html\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Running only PV or HVM guests will avoid this vulnerability.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"PVH guests have their ACPI tables constructed by the toolstack.  The\\nconstruction involves building the tables in local memory, which are\\nthen copied into guest memory.  While actually used parts of the local\\nmemory are filled in correctly, excess space that is being allocated is\\nleft with its prior contents.\"}], \"configurations\": [{\"lang\": \"en\", \"value\": \"Xen versions 4.8 and onwards are vulnerable.  Xen 4.7 and older are not\\nvulnerable.\\n\\nOnly x86 systems running PVH guests are vulnerable.  Architectures other\\nthan x86 are not vulnerable.\\n\\nOnly PVH guests can leverage the vulnerability.  HVM and PV guests\\ncannot leverage the vulnerability.  Note that PV guests when run inside\\nthe (PVH) shim can\u0027t leverage the vulnerability.\"}], \"providerMetadata\": {\"orgId\": \"23aa2041-22e1-471f-9209-9b7396fa234f\", \"shortName\": \"XEN\", \"dateUpdated\": \"2024-12-19T12:00:50.271Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45819\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-31T18:57:41.513Z\", \"dateReserved\": \"2024-09-09T14:43:11.826Z\", \"assignerOrgId\": \"23aa2041-22e1-471f-9209-9b7396fa234f\", \"datePublished\": \"2024-12-19T12:00:50.271Z\", \"assignerShortName\": \"XEN\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.