PT-2024-6570 · Citrix (+3 other vendors) · Citrix Hypervisor 8.2 CU1 (+4 other products)

Published: 2024-09-24 · Updated: 2025-11-09 · CVE-2024-45817

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions:

Xen (affected versions not specified)
XenServer 8
Citrix Hypervisor 8.2 CU1
Description: The issue is related to the x86 APIC architecture, in which error conditions are reported in a status register. The OS can opt to receive an interrupt when a new error occurs. It is possible to configure the error interrupt with an illegal vector, so that raising the error interrupt itself generates a new error. This case causes Xen to recurse through vlapic_error(). The recursion itself is bounded: errors accumulate in the status register and only generate an interrupt when a new status bit becomes set. However, the lock protecting this state in Xen is taken recursively, which deadlocks. A malicious guest admin could exploit this issue to crash the host.
Recommendations: As a temporary workaround, consider disabling the vlapic_error() function until a patch is available. Apply the available updates for XenServer 8 and Citrix Hypervisor 8.2 CU1 to protect your systems. Restrict access to the vulnerable vlapic_error() function to minimize the risk of exploitation.
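The deadlock mechanism in the description (an error interrupt whose vector is illegal re-enters the error path while a non-recursive lock is held) is easy to misread, so here is a small model of it. This is an added example, not Xen's vlapic code and not the upstream patch: the struct, the lock modelled as an owner flag (so a recursive acquisition is counted instead of spinning forever), and the "safe" variant are all hypothetical. The two ESR bit positions and the rule that vectors 0-15 are reserved follow the x86 APIC architecture; everything else is constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the recursion described above; not Xen code.
 * A virtual LAPIC keeps an error status register (ESR) and an LVT error
 * entry whose vector selects the error interrupt.  The state is guarded by
 * a non-recursive lock, modelled as an owner flag: a second acquisition by
 * the same call chain is counted as a would-be deadlock instead of hanging. */

#define ESR_SEND_ILLEGAL_VECTOR (1u << 5)   /* x86 APIC ESR bit 5 */
#define ESR_RECV_ILLEGAL_VECTOR (1u << 6)   /* x86 APIC ESR bit 6 */

struct vlapic {
    uint32_t esr;          /* error status register */
    uint32_t lvt_err_vec;  /* vector programmed into the LVT error entry */
    bool     locked;       /* models the non-recursive spinlock */
    int      deadlocks;    /* recursive acquisitions detected */
    int      injected;     /* error interrupts actually injected */
};

/* Vectors 0-15 are reserved on x86; anything else is accepted here. */
static bool vector_is_legal(uint32_t vec) { return vec >= 16 && vec <= 255; }

static bool lock_acquire(struct vlapic *v)
{
    if (v->locked) {            /* a real spinlock would never return here */
        v->deadlocks++;
        return false;
    }
    v->locked = true;
    return true;
}
static void lock_release(struct vlapic *v) { v->locked = false; }

/* Naive structure: injecting the error interrupt may itself fail with an
 * illegal-vector error, which re-enters the error path while the lock is
 * still held by the outer call. */
static void error_naive(struct vlapic *v, uint32_t errbit);

static void set_irq_naive(struct vlapic *v, uint32_t vec)
{
    if (!vector_is_legal(vec)) {
        error_naive(v, ESR_RECV_ILLEGAL_VECTOR);   /* the recursion */
        return;
    }
    v->injected++;
}

static void error_naive(struct vlapic *v, uint32_t errbit)
{
    if (!lock_acquire(v))
        return;                 /* deadlock detected; unwind for the demo */
    uint32_t old = v->esr;
    v->esr |= errbit;
    if (old != v->esr)          /* only a newly set bit raises the interrupt */
        set_irq_naive(v, v->lvt_err_vec);
    lock_release(v);
}

/* Re-entrancy-safe structure (one possible design, not the upstream fix):
 * decide under the lock whether the error vector is legal; if it is not,
 * fold the illegal-vector bit into ESR directly instead of calling back
 * into the error path. */
static void error_safe(struct vlapic *v, uint32_t errbit)
{
    if (!lock_acquire(v))
        return;
    uint32_t old = v->esr;
    v->esr |= errbit;
    if (old != v->esr) {
        if (vector_is_legal(v->lvt_err_vec))
            v->injected++;                          /* normal delivery */
        else
            v->esr |= ESR_RECV_ILLEGAL_VECTOR;      /* record, never recurse */
    }
    lock_release(v);
}

struct outcome { int deadlocks; int injected; uint32_t esr; };

/* Program the LVT error vector, report one error, and return what happened.
 * deadlocks == 0 is the healthy outcome. */
struct outcome run_scenario(uint32_t lvt_vec, bool use_safe)
{
    struct vlapic v = { .lvt_err_vec = lvt_vec };
    if (use_safe)
        error_safe(&v, ESR_SEND_ILLEGAL_VECTOR);
    else
        error_naive(&v, ESR_SEND_ILLEGAL_VECTOR);
    return (struct outcome){ v.deadlocks, v.injected, v.esr };
}

int main(void)
{
    struct outcome a = run_scenario(0xE0, false);  /* legal vector, naive */
    struct outcome b = run_scenario(0x03, false);  /* illegal vector, naive */
    struct outcome c = run_scenario(0x03, true);   /* illegal vector, safe */
    printf("naive/legal  : deadlocks=%d injected=%d esr=0x%x\n", a.deadlocks, a.injected, a.esr);
    printf("naive/illegal: deadlocks=%d injected=%d esr=0x%x\n", b.deadlocks, b.injected, b.esr);
    printf("safe/illegal : deadlocks=%d injected=%d esr=0x%x\n", c.deadlocks, c.injected, c.esr);
    return 0;
}
```

The naive run with an illegal vector reports one recursive acquisition, which in a real hypervisor with a spinning lock is the host hang the advisory describes; the safe variant records both error bits (0x60) and injects nothing, so the guest-controlled vector can no longer drive the error path back into itself.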

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

BDU:2024-07714
CVE-2024-45817
DSA-5836-1
MGASA-2025-0270
OPENSUSE-SU-2024:14377-1
OPENSUSE-SU-2024_3421-1
OPENSUSE-SU-2024_3422-1
OPENSUSE-SU-2024_3423-1
OPENSUSE-SU-2024_3424-1
OPENSUSE-SU-2024_3980-1
OPENSUSE-SU-2024_4163-1
SUSE-SU-2024:3421-1
SUSE-SU-2024:3422-1
SUSE-SU-2024:3423-1
SUSE-SU-2024:3424-1
SUSE-SU-2024:3432-1
SUSE-SU-2024:3586-1
SUSE-SU-2024:3980-1
SUSE-SU-2024:4073-1
SUSE-SU-2024:4163-1
SUSE-SU-2024_3421-1
SUSE-SU-2024_3424-1
SUSE-SU-2024_3432-1
SUSE-SU-2024_3980-1
SUSE-SU-2024_4073-1
SUSE-SU-2024_4163-1

Affected Products

Citrix Hypervisor 8.2 CU1
Debian
RED OS
SUSE
XenServer 8