VDB
CVE-2024-45819
CVE-2024-45819
PUBLISHED
Es existiert eine Schwachstelle in Xen. Bei der Konstruktion von ACPI-Tabellen bei PVH-Gästen werden diese im lokalen Speicher erstellt und dann in den Gastspeicher kopiert. Ein nicht privilegierter Angreifer aus dem Gastsystem kann diese Schwachstelle ausnutzen, um auf vertrauliche Informationen zuzugreifen, die den Host, die Kontrolldomäne oder andere Gäste betreffen.
EPSS 0.10% · 27.8th percentile
Risk Scores
EPSS Score
0.10%
27.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | |
| Open Source | Open Source Xen 4.16.x | |
| Fedora | Fedora Linux | |
| SUSE | SUSE openSUSE | |
| SUSE | SUSE Linux |
Exploit Intelligence
- CIRCL seen: CVE-2024-45819 (circl-sighting)
- CIRCL seen: CVE-2024-45819 (circl-sighting)
- http://www.openwall.com/lists/oss-security/2024/11/12/1 (circl)
- http://xenbits.xen.org/xsa/advisory-464.html (circl)
- http://www.openwall.com/lists/oss-security/2024/11/12/10 (circl)
- http://www.openwall.com/lists/oss-security/2024/11/12/7 (circl)
- https://xenbits.xenproject.org/xsa/advisory-464.html (circl)
Timeline
- Nov 11, 2024 CVE Published
- Dec 19, 2024 PoC Published
- Dec 19, 2024 PoC Published
- Dec 20, 2024 EPSS Score
- Jan 5, 2025 EPSS Score
- Jan 9, 2025 CVE Updated
- Jan 22, 2025 EPSS Score
- Feb 7, 2025 EPSS Score
- Feb 24, 2025 EPSS Score
- Feb 28, 2025 Coalition ESS Score
- Mar 12, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3410.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3410 advisory
- https://seclists.org/oss-sec/2024/q4/80 advisory
- https://seclists.org/oss-sec/2024/q4/81 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019811.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019812.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5PITLXQDHEFQ6UERC2T2WC4B2JXGMHM2/ advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-b043effc6a advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-7c2cfa2fe5 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019847.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BEWRLARXOTVNP23NN77IW3VFLNMEXBMM/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QZJCBTBZKISVPQVGZHH36P3XK7ZEWCCP/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/7DDJIN2NQVRSUGDKCUPSGI662X3KHLZN/ advisory
- https://lists.debian.org/debian-security-announce/2024/msg00252.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-933a9a977e advisory