CVE-2024-45819
MEDIUM
Xen >= 4.8.0 - Information Exposure via Uninitialized Memory in PVH Guest ACPI Table Construction
Title source: llm
Description
PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents.
References (5)
Core References
Patch, Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-464.html
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/11/12/1
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/11/12/10
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/11/12/7
Patch, Vendor Advisory
http://xenbits.xen.org/xsa/advisory-464.html
Scores
CVSS v3
5.5
EPSS
0.0010
EPSS Percentile
27.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-276
Status
published
Products (1)
xen/xen
4.8.0
Published
Dec 19, 2024
Tracked Since
Feb 18, 2026