Vulnerability in Hypervisor Affecting Xen Project VGA Memory Management
CVE-2024-45818

Currently unrated

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 19 December 2024

What is CVE-2024-45818?

CVE-2024-45818 highlights a significant vulnerability within the Xen Hypervisor that affects the management of VGA memory accesses for HVM (Hardware Virtual Machine) guests. The vulnerability stems from improper locking mechanisms, where a lock is maintained past the expected return from its controlling function. This results in a potential deadlock situation when emulating instructions involving multiple memory accesses to VGA memory. Although the issue was identified previously, earlier fixes were incomplete, leading to a re-examination of the functionality that has been disabled since Xen version 4.7. The current approach focuses on rectifying the locking practice by backporting the removal of the faulty feature to ensure greater stability and security for users.

Affected Version(s)

Xen consult Xen advisory XSA-463

References

https://xenbits.xenproject.org/xsa/advisory-463.html

Timeline

Vulnerability published
Dec 19, 2024

Credit

This issue was discovered by Manuel Andreas of Technical University of Munich.