{"id":"CVE-2024-53241","summary":"x86/xen: don't do PV iret hypercall through hypercall page","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: don't do PV iret hypercall through hypercall page\n\nInstead of jumping to the Xen hypercall page for doing the iret\nhypercall, directly code the required sequence in xen-asm.S.\n\nThis is done in preparation of no longer using hypercall page at all,\nas it has shown to cause problems with speculation mitigations.\n\nThis is part of XSA-466 / CVE-2024-53241.","modified":"2026-04-16T00:07:28.734166131Z","published":"2024-12-24T09:24:42.212Z","related":["ALSA-2025:20095","ALSA-2025:20518","ALSA-2025:3893","ALSA-2025:3894","SUSE-SU-2025:0117-1","SUSE-SU-2025:0142-1","SUSE-SU-2025:0153-1","SUSE-SU-2025:0154-1","SUSE-SU-2025:01850-1","SUSE-SU-2025:01860-1","SUSE-SU-2025:0201-1","SUSE-SU-2025:0201-2","SUSE-SU-2025:0203-1","SUSE-SU-2025:0229-1","SUSE-SU-2025:0231-1","SUSE-SU-2025:02326-1","SUSE-SU-2025:0289-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53241.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/12/17/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/12/23/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/01/05/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/01/05/2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/82c211ead1ec440dbf81727e17b03b5e3c44b93d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2796dff62d6c6bfc5fbebdf2bee0d5ac0438906"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c7b4cfa6213a44fa48714186dfdf125072d036e3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f7c3fdad0a474062d566aae3289d490d7e702d30"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fa719857f613fed94a79da055b13ca51214c694f"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"http://xenbits.xen.org/xsa/advisory-466.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53241.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53241"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"cdacc1278b12d929f9a053c245ff3d16eb7af9f8"},{"fixed":"05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5"},{"fixed":"c7b4cfa6213a44fa48714186dfdf125072d036e3"},{"fixed":"fa719857f613fed94a79da055b13ca51214c694f"},{"fixed":"82c211ead1ec440dbf81727e17b03b5e3c44b93d"},{"fixed":"f7c3fdad0a474062d566aae3289d490d7e702d30"},{"fixed":"a2796dff62d6c6bfc5fbebdf2bee0d5ac0438906"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53241.json"}}],"schema_version":"1.7.5"}