DEBIAN-CVE-2024-50115

Advisory lineage Upstream: 1 Downstream: 2
Upstream
CVE-2024-50115
Published: 05 Nov 2024, 18:15
Last modified:28 Apr 2026, 20:28

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
7.1 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

05 Nov 2024, 18:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:28
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforce 32-byte alignment of nCR3. In the absolute worst case scenario, failure to ignore bits 4:0 can result in an out-of-bounds read, e.g. if the target page is at the end of a memslot, and the VMM isn't using guard pages. Per the APM: The CR3 register points to the base address of the page-directory-pointer table. The page-directory-pointer table is aligned on a 32-byte boundary, with the low 5 address bits 4:0 assumed to be 0. And the SDM's much more explicit: 4:0 Ignored Note, KVM gets this right when loading PDPTRs, it's only the nSVM flow that is broken.

CVSS Metrics

  • v3.1HIGHScore: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Systems

  • debianlinux

    < 5.10.234-1 | < 6.1.115-1 | < 6.11.6-1 | < 6.11.6-1

  • debianlinux-6.1

    < 6.1.119-1~deb11u1

References (1)