CVE-2024-50115
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 125
Summary
CVE-2024-5 ignored bits 4:0 of nCR3 when loading PDPTEs in Linux kernel's nSVM, allowing potential out-of-bounds reads. The CR3 register, which points to the base address of the page-directory-pointer table, is assumed to have zeroes in bits 4:0 when aligned on a 32-byte boundary. However, nSVM disregards this assumption, leading to possible misalignment and vulnerabilities. This issue impacts nested SVM and can result in an out-of-bounds read if the target page is located at the end of a memslot and no guard pages are used.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share