What is CVE-2024-2201?

CVE-2024-2201 is a vulnerability in Xen, classified under CWE-1423. Published 2024-12-19.

Is CVE-2024-2201 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Xen

CVE-2024-2201

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.

EPSS: 0.000 (8.9th percentile) — read the EPSS interpretation.

Affected products

Xen — versions See advisory "x86: Native Branch History Injection"

Weakness classification (CWE)

CWE-1423

Public proof-of-concept exploits

EGI-Federation/SVG-advisories

References

www.kb.cert.org/vuls/id/155143
github.com/vusec/inspectre-gadget
www.openwall.com/lists/oss-security/2024/04/09/15
www.openwall.com/lists/oss-security/2024/05/07/7
xenbits.xen.org/xsa/advisory-456.html
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
www.intel.com/content/www/us/en/developer/articles/technical/software-security-…

Frequently asked questions

What is CVE-2024-2201?: CVE-2024-2201 is a vulnerability in Xen, classified under CWE-1423. Published 2024-12-19.
Is CVE-2024-2201 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.