CVE-2024-45818
PUBLISHED
A vulnerability exists in Xen. The problem lies in the code that accelerates VGA memory accesses for HVM guests. An attacker in an HVM guest machine can exploit this vulnerability to block the entire host and thereby cause a denial of service.
Risk Scores
- EPSS Score: 0.27% (51.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source | Open Source Xen 4.16.x | |
| Open Source | Open Source Xen 4.17.x | |
| SUSE | SUSE openSUSE | |
| Fedora | Fedora Linux | |
| Open Source | Open Source Xen 4.18.x | |
| SUSE | SUSE Linux | |
| Open Source | Open Source Xen 4.19.x | |
| Debian | Debian Linux | |
Exploit Intelligence
- Deadlock in x86 HVM standard VGA handling (hackerone)
- CIRCL seen: CVE-2024-45818 (circl-sighting)
- http://www.openwall.com/lists/oss-security/2024/11/12/2 (circl)
- http://xenbits.xen.org/xsa/advisory-463.html (circl)
- https://xenbits.xenproject.org/xsa/advisory-463.html (circl)
Timeline
- CVE Published
- Dec 19, 2024 PoC Published
- Dec 19, 2024 PoC Published
- Dec 20, 2024 EPSS Score
- Jan 5, 2025 EPSS Score
- Jan 22, 2025 EPSS Score
- Feb 7, 2025 EPSS Score
- Feb 24, 2025 EPSS Score
- Mar 7, 2025 PoC Published
- Mar 12, 2025 EPSS Score
- Mar 14, 2025 Coalition ESS Score
- Mar 28, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3410.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3410 advisory
- https://seclists.org/oss-sec/2024/q4/80 advisory
- https://seclists.org/oss-sec/2024/q4/81 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019811.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019812.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5PITLXQDHEFQ6UERC2T2WC4B2JXGMHM2/ advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-b043effc6a advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-7c2cfa2fe5 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019847.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BEWRLARXOTVNP23NN77IW3VFLNMEXBMM/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QZJCBTBZKISVPQVGZHH36P3XK7ZEWCCP/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/7DDJIN2NQVRSUGDKCUPSGI662X3KHLZN/ advisory
- https://lists.debian.org/debian-security-announce/2024/msg00252.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-933a9a977e advisory