CVE-2024-45819

PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://xenbits.xenproject.org/xsa/advisory-464.html
http://www.openwall.com/lists/oss-security/2024/11/12/1
http://www.openwall.com/lists/oss-security/2024/11/12/10
http://www.openwall.com/lists/oss-security/2024/11/12/7
http://xenbits.xen.org/xsa/advisory-464.html

Configurations

No configuration.

History

31 Dec 2024, 19:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-276
Summary		(es) Las tablas ACPI de los invitados PVH se construyen mediante la pila de herramientas. La construcción implica la creación de las tablas en la memoria local, que luego se copian en la memoria del invitado. Si bien las partes realmente utilizadas de la memoria local se completan correctamente, el espacio sobrante que se está asignando se deja con su contenido anterior.

19 Dec 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-19 12:15

Updated : 2024-12-31 19:15

NVD link : CVE-2024-45819

Mitre link : CVE-2024-45819

CVE.ORG link : CVE-2024-45819

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

5.5 /10