{"id":"UBUNTU-CVE-2024-45818","details":"The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in \"standard\" mode.  Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it.  This behavior results in a problem when emulating an instruction with two memory accesses, both of which touch VGA memory (plus some further constraints which aren't relevant here).  When emulating the 2nd access, the lock that is already being held would be attempted to be re-acquired, resulting in a deadlock. This deadlock was already found when the code was first introduced, but was analysed incorrectly and the fix was incomplete.  Analysis in light of the new finding cannot find a way to make the existing locking discipline work. In staging, this logic has all been removed because it was discovered to be accidentally disabled since Xen 4.7.  Therefore, we are fixing the locking problem by backporting the removal of most of the feature.  Note that even with the feature disabled, the lock would still be acquired for any accesses to the VGA MMIO region.","modified":"2026-01-20T18:24:45.437247Z","published":"2024-12-19T12:15:00Z","upstream":["CVE-2024-45818"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-45818"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-45818"},{"type":"REPORT","url":"https://xenbits.xen.org/xsa/advisory-463.html"}],"affected":[{"package":{"name":"xen","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/xen@4.6.5-0ubuntu1.4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.5.1-0ubuntu1","4.5.1-0ubuntu2","4.6.0-1ubuntu1","4.6.0-1ubuntu2","4.6.0-1ubuntu4","4.6.0-1ubuntu4.1","4.6.0-1ubuntu4.2","4.6.0-1ubuntu4.3","4.6.5-0ubuntu1","4.6.5-0ubuntu1.1","4.6.5-0ubuntu1.2","4.6.5-0ubuntu1.4"],"ecosystem_specific":{"binaries":[{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"libxen-4.6"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"libxen-dev"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"libxenstore3.0"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-hypervisor-4.4-amd64"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-hypervisor-4.4-arm64"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-hypervisor-4.4-armhf"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-hypervisor-4.5-amd64"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-hypervisor-4.5-arm64"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-hypervisor-4.5-armhf"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-hypervisor-4.6-amd64"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-hypervisor-4.6-arm64"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-hypervisor-4.6-armhf"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-system-amd64"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-system-arm64"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-system-armhf"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-utils-4.6"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xen-utils-common"},{"binary_version":"4.6.5-0ubuntu1.4","binary_name":"xenstore-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45818.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/xen@4.9.2-0ubuntu1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.9.0-0ubuntu3","4.9.0-0ubuntu4","4.9.2-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"4.9.2-0ubuntu1","binary_name":"libxen-4.9"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"libxen-dev"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"libxenstore3.0"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.6-amd64"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.6-arm64"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.6-armhf"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.7-amd64"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.7-arm64"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.7-armhf"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.8-amd64"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.8-arm64"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.8-armhf"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.9-amd64"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.9-arm64"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-hypervisor-4.9-armhf"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-system-amd64"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-system-arm64"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-system-armhf"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-utils-4.9"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xen-utils-common"},{"binary_version":"4.9.2-0ubuntu1","binary_name":"xenstore-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45818.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/xen@4.11.3+24-g14b62ab3e5-1ubuntu2.3?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.9.2-0ubuntu2","4.9.2-0ubuntu6","4.9.2-0ubuntu7","4.11.3+24-g14b62ab3e5-1ubuntu1","4.11.3+24-g14b62ab3e5-1ubuntu2","4.11.3+24-g14b62ab3e5-1ubuntu2.2","4.11.3+24-g14b62ab3e5-1ubuntu2.3"],"ecosystem_specific":{"binaries":[{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxen-dev"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxencall1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxendevicemodel1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxenevtchn1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxenforeignmemory1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxengnttab1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxenmisc4.11"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxenstore3.0"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxentoolcore1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxentoollog1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.11-amd64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.11-arm64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.11-armhf"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.9-amd64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.9-arm64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.9-armhf"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-common"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-system-amd64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-system-arm64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-system-armhf"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-utils-4.11"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-utils-common"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xenstore-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45818.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/xen@4.16.0-1~ubuntu2.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.11.4+24-gddaaccbbab-1ubuntu2","4.16.0-1~ubuntu2","4.16.0-1~ubuntu2.1"],"ecosystem_specific":{"binaries":[{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxen-dev"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxencall1"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxendevicemodel1"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxenevtchn1"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxenforeignmemory1"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxengnttab1"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxenhypfs1"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxenmisc4.16"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxenstore4"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxentoolcore1"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"libxentoollog1"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"xen-hypervisor-4.16-amd64"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"xen-hypervisor-4.16-arm64"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"xen-hypervisor-4.16-armhf"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"xen-hypervisor-common"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"xen-system-amd64"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"xen-system-arm64"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"xen-system-armhf"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"xen-utils-4.16"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"xen-utils-common"},{"binary_version":"4.16.0-1~ubuntu2.1","binary_name":"xenstore-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45818.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/xen@4.17.3+10-g091466ba55-1.1ubuntu3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.17.2-1","4.17.2+55-g0b56bed864-1","4.17.2+76-ge1f9cb16e2-1","4.17.2+76-ge1f9cb16e2-1ubuntu1","4.17.3+10-g091466ba55-1","4.17.3+10-g091466ba55-1.1ubuntu2","4.17.3+10-g091466ba55-1.1ubuntu3"],"ecosystem_specific":{"binaries":[{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxen-dev"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxencall1t64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxendevicemodel1t64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxenevtchn1t64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxenforeignmemory1t64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxengnttab1t64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxenhypfs1t64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxenmisc4.17t64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxenstore4t64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxentoolcore1t64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"libxentoollog1t64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"xen-hypervisor-4.17-amd64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"xen-hypervisor-4.17-arm64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"xen-hypervisor-4.17-armhf"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"xen-hypervisor-common"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"xen-system-amd64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"xen-system-arm64"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"xen-system-armhf"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"xen-utils-4.17"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"xen-utils-common"},{"binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3","binary_name":"xenstore-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45818.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/xen@4.20.0+68-g35cb38b222-1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.20.0-1ubuntu1","4.20.0+68-g35cb38b222-1"],"ecosystem_specific":{"binaries":[{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxen-dev"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxencall1"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxendevicemodel1"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxenevtchn1"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxenforeignmemory1"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxengnttab1"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxenhypfs1"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxenmisc4.20"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxenstore4"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxentoolcore1"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"libxentoollog1"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"xen-hypervisor-4.20-amd64"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"xen-hypervisor-4.20-arm64"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"xen-hypervisor-common"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"xen-system-amd64"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"xen-system-arm64"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"xen-utils-4.20"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"xen-utils-common"},{"binary_version":"4.20.0+68-g35cb38b222-1","binary_name":"xenstore-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45818.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}