CVE-2024-45818

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/12/2024
Last modified:
20/05/2025

Description

The hypervisor contains code to accelerate VGA memory accesses for HVM guests when the (virtual) VGA is in "standard" mode. The locking involved there has an unusual discipline: a lock is left acquired past the return from the function that acquired it. This causes a problem when emulating an instruction with two memory accesses that both touch VGA memory (plus some further constraints which aren't relevant here). When emulating the second access, the lock that is already held would be re-acquired, resulting in a deadlock.

This deadlock was already found when the code was first introduced, but it was analysed incorrectly and the fix was incomplete. Analysis in light of the new finding cannot find a way to make the existing locking discipline work.

In staging, this logic has all been removed because it was discovered to have been accidentally disabled since Xen 4.7. Therefore, we are fixing the locking problem by backporting the removal of most of the feature. Note that even with the feature disabled, the lock would still be acquired for any accesses to the VGA MMIO region.

Vulnerable products and versions

CPE:
cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*
From:
4.6.0 (including)
Up to:
4.20.0 (excluding)