PT-2024-9744 · Linux+8 · Linux Kernel+8
Andrew Cooper · Published 2024-12-10 · Updated 2025-11-12
CVE-2024-53241
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue is related to the x86/xen component of the Linux kernel, where the PV iret hypercall was previously done through the hypercall page. This has been changed to directly code the required sequence in xen-asm.S, in preparation for no longer using the hypercall page due to problems with speculation mitigations. The vulnerability may allow a remote attacker to gain unauthorized access to protected information due to an incorrect sequence of processor instructions resulting from the lack of an ENDBR instruction and prolog/epilog for hash-based CFI schemes.
Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the use of the hypercall page until a patch is available. Restrict access to the xen-asm.S component to minimize the risk of exploitation. Avoid using the vulnerable sequence in the x86/xen component until the issue is resolved.
Exploit
Fix
Buffer Overflow
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Debian
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE