CVE-2024-2201: CVE-2024-2201

Description

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.

Classification

CVE ID: CVE-2024-2201

Affected Products

Vendor: Xen

Product: Xen

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 15.23% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.kb.cert.org/vuls/id/155143
https://github.com/vusec/inspectre-gadget?tab=readme-ov-file
http://www.openwall.com/lists/oss-security/2024/04/09/15
http://www.openwall.com/lists/oss-security/2024/05/07/7
http://xenbits.xen.org/xsa/advisory-456.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/6QKNCPX7CJUK4I6BRGABAUQK2DMQZUCA/
https://lists.fedoraproject.org/archives/list/[email protected]/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/
https://lists.fedoraproject.org/archives/list/[email protected]/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-history-injection.htm

Timeline

2024-12-20 00:32:53 UTC
CVE

CVE-2024-2201
2025-03-27 12:15:25 UTC
Tenable Plugins

SUSE SLES15 Security Update : kernel (SUSE-SU-2025:1027-1)