CVE-2024-45818
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/12/2024
Last modified:
20/05/2025
Description
The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a problem when emulating an instruction with two memory accesses, both of which touch VGA memory (plus some further constraints which aren't relevant here). When emulating the 2nd access, the lock that is already being held would be attempted to be re-acquired, resulting in a deadlock.

This deadlock was already found when the code was first introduced, but was analysed incorrectly and the fix was incomplete. Analysis in light of the new finding cannot find a way to make the existing locking discipline work.

In staging, this logic has all been removed because it was discovered to be accidentally disabled since Xen 4.7. Therefore, we are fixing the locking problem by backporting the removal of most of the feature. Note that even with the feature disabled, the lock would still be acquired for any accesses to the VGA MMIO region.
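The locking discipline described above, reduced to a runnable model. This is an added example, not Xen's stdvga code: the types and functions (nr_lock_t, vga_t, buggy_vga_access, fixed_vga_access, emulate_move_byte, run_scenario) and the sample byte written into VGA memory are assumptions made for this illustration. The "buggy" access path takes the lock for every access to the VGA MMIO window, before checking whether acceleration is enabled, and returns with the lock still held; the "fixed" path confines the lock to the access itself. Emulating an instruction with two memory operands that both fall in the VGA window then either self-deadlocks (reported as a status here, since a real spinlock would simply spin forever) or completes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Non-recursive lock that records its owner so that a second acquire by the
 * same context can be reported instead of hanging. Single-vCPU model: there is
 * never another holder to wait for. (Hypothetical type, not Xen's spinlock.) */
typedef struct {
    bool held;
    int owner;
} nr_lock_t;

static bool nr_lock_acquire(nr_lock_t *l, int vcpu)
{
    if (l->held && l->owner == vcpu)
        return false;              /* already held by this context: deadlock */
    l->held = true;
    l->owner = vcpu;
    return true;
}

static void nr_lock_release(nr_lock_t *l)
{
    l->held = false;
    l->owner = -1;
}

#define VGA_MMIO_BASE 0xA0000u     /* legacy VGA window A0000h-BFFFFh */
#define VGA_MMIO_SIZE 0x20000u

static bool in_vga_range(uint32_t gpa)
{
    return gpa - VGA_MMIO_BASE < VGA_MMIO_SIZE;   /* unsigned wrap handles gpa < base */
}

typedef struct {
    nr_lock_t lock;
    bool accel_enabled;            /* the "standard mode" acceleration */
    uint8_t vram[VGA_MMIO_SIZE];
} vga_t;

typedef bool (*access_fn)(vga_t *, int, uint32_t, uint8_t *, bool);

/* Buggy discipline: lock taken for any access to the VGA MMIO region, even with
 * acceleration disabled, and still held on return; release is deferred to a
 * later point of the emulation path. Returns false where a real lock would spin. */
static bool buggy_vga_access(vga_t *v, int vcpu, uint32_t gpa, uint8_t *data, bool write)
{
    if (!in_vga_range(gpa))
        return true;               /* not VGA memory: not handled here */
    if (!nr_lock_acquire(&v->lock, vcpu))
        return false;
    if (v->accel_enabled) {
        if (write) v->vram[gpa - VGA_MMIO_BASE] = *data;
        else       *data = v->vram[gpa - VGA_MMIO_BASE];
    }
    return true;                   /* lock intentionally left held */
}

/* Fixed discipline: the lock's scope ends before the function returns. */
static bool fixed_vga_access(vga_t *v, int vcpu, uint32_t gpa, uint8_t *data, bool write)
{
    if (!in_vga_range(gpa))
        return true;
    if (!nr_lock_acquire(&v->lock, vcpu))
        return false;
    if (v->accel_enabled) {
        if (write) v->vram[gpa - VGA_MMIO_BASE] = *data;
        else       *data = v->vram[gpa - VGA_MMIO_BASE];
    }
    nr_lock_release(&v->lock);
    return true;
}

/* One instruction with two memory operands (a MOVS-like byte move): read src,
 * then write dst. Returns 0 on success, 1 if the second access would deadlock. */
static int emulate_move_byte(vga_t *v, int vcpu, uint32_t src, uint32_t dst, access_fn fn)
{
    uint8_t tmp = 0;
    int rc = 0;
    if (!fn(v, vcpu, src, &tmp, false) || !fn(v, vcpu, dst, &tmp, true))
        rc = 1;
    if (v->lock.held)              /* the deferred release the buggy path relied on */
        nr_lock_release(&v->lock);
    return rc;
}

/* Runs one scenario on fresh state; *out receives the byte at dst (0 if not VGA). */
static int run_scenario(bool use_fixed, bool accel, uint32_t src, uint32_t dst, uint8_t *out)
{
    static vga_t v;                /* 128 KiB of VRAM: keep it off the stack */
    int rc;
    memset(&v, 0, sizeof v);
    v.lock.owner = -1;
    v.accel_enabled = accel;
    if (in_vga_range(src))
        v.vram[src - VGA_MMIO_BASE] = 0x5A;   /* constructed sample byte */
    rc = emulate_move_byte(&v, 0, src, dst, use_fixed ? fixed_vga_access : buggy_vga_access);
    if (out)
        *out = in_vga_range(dst) ? v.vram[dst - VGA_MMIO_BASE] : 0;
    return rc;
}

int main(void)
{
    uint8_t b = 0;
    printf("buggy, one VGA operand:        %s\n", run_scenario(false, true, 0xA0010u, 0x1000u, NULL) ? "deadlock" : "ok");
    printf("buggy, two VGA operands:       %s\n", run_scenario(false, true, 0xA0010u, 0xA0020u, NULL) ? "deadlock" : "ok");
    printf("buggy, accel off, two operands: %s\n", run_scenario(false, false, 0xA0010u, 0xA0020u, NULL) ? "deadlock" : "ok");
    printf("fixed, two VGA operands:       %s (dst=0x%02x)\n", run_scenario(true, true, 0xA0010u, 0xA0020u, &b) ? "deadlock" : "ok", b);
    return 0;
}
```

The third scenario is the point of the advisory's last sentence: with acceleration switched off the buggy path still takes the lock on every VGA MMIO access, so the two-operand instruction deadlocks regardless of the feature's state, which is why removing the lock-holding code path (rather than merely disabling the feature) is the fix.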
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:* | 4.6.0 (including) | 4.20.0 (excluding) |