CVE-2024-53241

Summary

In the Linux kernel, the following vulnerability has been resolved:

x86/xen: don't do PV iret hypercall through hypercall page

Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S.

This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations.

This is part of XSA-466 / CVE-2024-53241.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcdacc1278b12d929f9a053c245ff3d16eb7af9f8 < 05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5affected
LinuxLinuxcdacc1278b12d929f9a053c245ff3d16eb7af9f8 < c7b4cfa6213a44fa48714186dfdf125072d036e3affected
LinuxLinuxcdacc1278b12d929f9a053c245ff3d16eb7af9f8 < fa719857f613fed94a79da055b13ca51214c694faffected
LinuxLinuxcdacc1278b12d929f9a053c245ff3d16eb7af9f8 < 82c211ead1ec440dbf81727e17b03b5e3c44b93daffected
LinuxLinuxcdacc1278b12d929f9a053c245ff3d16eb7af9f8 < f7c3fdad0a474062d566aae3289d490d7e702d30affected
LinuxLinuxcdacc1278b12d929f9a053c245ff3d16eb7af9f8 < a2796dff62d6c6bfc5fbebdf2bee0d5ac0438906affected
LinuxLinux2.6.27affected
LinuxLinux0 < 2.6.27unaffected
LinuxLinux5.10.232 <= 5.10.*unaffected
LinuxLinux5.15.175 <= 5.15.*unaffected
LinuxLinux6.1.121 <= 6.1.*unaffected
LinuxLinux6.6.67 <= 6.6.*unaffected
LinuxLinux6.12.6 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References