ALPINE-CVE-2024-2201

ALPINE-CVE-2024-2201 PUBLISHED CVSS 4.699999809265137 MEDIUM

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.

Risk Scores

CVSS v3.1

4.699999809265137

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.18	xen	4.9.1-r3, 4.9.1-r2, 4.9.1-r1
Alpine:v3.23	xen	4.15.0-r4, 4.15.0-r2, 4.15.0-r1
Alpine:v3.21	xen	4.15.0-r0, 4.14.1-r5, 4.14.1-r4
Alpine:v3.22	xen	4.5.1-r2, 0, 4.0.1-r0
Alpine:v3.20	xen	4.9.1-r3, 4.1.2-r9, 4.1.3-r0
Alpine:v3.16	xen	4.16.1-r2, 4.1.2-r5, 4.1.2-r3
Alpine:v3.17	xen	4.15.0-r5, 4.9.1-r3, 4.9.1-r2
Alpine:v3.19	xen	4.11.1-r1, 4.11.1-r0, 4.11.0-r1

Timeline

Dec 19, 2024 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2024-2201 advisory

Open in Interactive Console →