7.3

CVE-2024-45817

EPSS 0.37%
Veröffentlicht 25.09.2024 11:15:12
Zuletzt bearbeitet 14.01.2026 15:46:51
Quelle security@xen.org
CVE-Watchlists
Login
Unerledigt
Login

In x86's APIC (Advanced Programmable Interrupt Controller) architecture,
error conditions are reported in a status register.  Furthermore, the OS
can opt to receive an interrupt when a new error occurs.

It is possible to configure the error interrupt with an illegal vector,
which generates an error when an error interrupt is raised.

This case causes Xen to recurse through vlapic_error().  The recursion
itself is bounded; errors accumulate in the the status register and only
generate an interrupt when a new status bit becomes set.

However, the lock protecting this state in Xen will try to be taken
recursively, and deadlock.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xen ≫ Xen HwPlatformx86 Version >= 4.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.582

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://xenbits.xenproject.org/xsa/advisory-462.html

Patch

Vendor Advisory

http://www.openwall.com/lists/oss-security/2024/09/24/1

Third Party Advisory

Mailing List

http://xenbits.xen.org/xsa/advisory-462.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45817

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45817

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45817

EUVD