CVE-2024-45817

EPSS 0.44%
Veröffentlicht 25.09.2024 11:15:12
Zuletzt bearbeitet 21.11.2024 09:38:08
Quelle security@xen.org
Teams Watchlist Login
Unerledigt Login

In x86's APIC (Advanced Programmable Interrupt Controller) architecture,
error conditions are reported in a status register.  Furthermore, the OS
can opt to receive an interrupt when a new error occurs.

It is possible to configure the error interrupt with an illegal vector,
which generates an error when an error interrupt is raised.

This case causes Xen to recurse through vlapic_error().  The recursion
itself is bounded; errors accumulate in the the status register and only
generate an interrupt when a new status bit becomes set.

However, the lock protecting this state in Xen will try to be taken
recursively, and deadlock.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerXen

≫

Produkt Xen

Default Statusunknown

Version consult Xen advisory XSA-462

Status unknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.622

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://xenbits.xenproject.org/xsa/advisory-462.html

http://www.openwall.com/lists/oss-security/2024/09/24/1

http://xenbits.xen.org/xsa/advisory-462.html

https://nvd.nist.gov/vuln/detail/CVE-2024-45817

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45817

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45817

EUVD