{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45819", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "state": "PUBLISHED", "assignerShortName": "XEN", "dateReserved": "2024-09-09T14:43:11.826Z", "datePublished": "2024-12-19T12:00:50.271Z", "dateUpdated": "2024-12-31T18:57:41.513Z"}, "containers": {"cna": {"title": "libxl leaks data to PVH guests via ACPI tables", "datePublic": "2024-11-12T12:00:00Z", "descriptions": [{"lang": "en", "value": "PVH guests have their ACPI tables constructed by the toolstack. The\nconstruction involves building the tables in local memory, which are\nthen copied into guest memory. While actually used parts of the local\nmemory are filled in correctly, excess space that is being allocated is\nleft with its prior contents."}], "impacts": [{"descriptions": [{"lang": "en", "value": "An unprivileged guest may be able to access sensitive information\npertaining to the host, control domain, or other guests."}]}], "affected": [{"defaultStatus": "unknown", "product": "Xen", "vendor": "Xen", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-464"}]}], "configurations": [{"lang": "en", "value": "Xen versions 4.8 and onwards are vulnerable. Xen 4.7 and older are not\nvulnerable.\n\nOnly x86 systems running PVH guests are vulnerable. Architectures other\nthan x86 are not vulnerable.\n\nOnly PVH guests can leverage the vulnerability. HVM and PV guests\ncannot leverage the vulnerability. Note that PV guests when run inside\nthe (PVH) shim can't leverage the vulnerability."}], "workarounds": [{"lang": "en", "value": "Running only PV or HVM guests will avoid this vulnerability."}], "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered by Jason Andryuk of AMD."}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-464.html"}], "providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2024-12-19T12:00:50.271Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/11/12/1"}, {"url": "http://xenbits.xen.org/xsa/advisory-464.html"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/12/10"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/12/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-12-19T12:04:50.065Z"}}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-12-31T18:56:31.915960Z", "id": "CVE-2024-45819", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-31T18:57:41.513Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45819", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "state": "PUBLISHED", "assignerShortName": "XEN", "dateReserved": "2024-09-09T14:43:11.826Z", "datePublished": "2024-12-19T12:00:50.271Z", "dateUpdated": "2024-12-31T18:57:41.513Z"}, "containers": {"cna": {"title": "libxl leaks data to PVH guests via ACPI tables", "datePublic": "2024-11-12T12:00:00Z", "descriptions": [{"lang": "en", "value": "PVH guests have their ACPI tables constructed by the toolstack. The\nconstruction involves building the tables in local memory, which are\nthen copied into guest memory. While actually used parts of the local\nmemory are filled in correctly, excess space that is being allocated is\nleft with its prior contents."}], "impacts": [{"descriptions": [{"lang": "en", "value": "An unprivileged guest may be able to access sensitive information\npertaining to the host, control domain, or other guests."}]}], "affected": [{"defaultStatus": "unknown", "product": "Xen", "vendor": "Xen", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-464"}]}], "configurations": [{"lang": "en", "value": "Xen versions 4.8 and onwards are vulnerable. Xen 4.7 and older are not\nvulnerable.\n\nOnly x86 systems running PVH guests are vulnerable. Architectures other\nthan x86 are not vulnerable.\n\nOnly PVH guests can leverage the vulnerability. HVM and PV guests\ncannot leverage the vulnerability. Note that PV guests when run inside\nthe (PVH) shim can't leverage the vulnerability."}], "workarounds": [{"lang": "en", "value": "Running only PV or HVM guests will avoid this vulnerability."}], "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered by Jason Andryuk of AMD."}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-464.html"}], "providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2024-12-19T12:00:50.271Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/11/12/1"}, {"url": "http://xenbits.xen.org/xsa/advisory-464.html"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/12/10"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/12/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-12-19T12:04:50.065Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45819", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-31T18:56:31.915960Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-31T18:57:03.310Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "PVH guests have their ACPI tables constructed by the toolstack. The\nconstruction involves building the tables in local memory, which are\nthen copied into guest memory. While actually used parts of the local\nmemory are filled in correctly, excess space that is being allocated is\nleft with its prior contents."}, {"lang": "es", "value": "Las tablas ACPI de los invitados PVH se construyen mediante la pila de herramientas. La construcci\u00f3n implica la creaci\u00f3n de las tablas en la memoria local, que luego se copian en la memoria del invitado. Si bien las partes realmente utilizadas de la memoria local se completan correctamente, el espacio sobrante que se est\u00e1 asignando se deja con su contenido anterior."}], "id": "CVE-2024-45819", "lastModified": "2024-12-31T19:15:46.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-19T12:15:16.673", "references": [{"source": "security@xen.org", "url": "https://xenbits.xenproject.org/xsa/advisory-464.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/11/12/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/11/12/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/11/12/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xenbits.xen.org/xsa/advisory-464.html"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}