{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-2201","assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","state":"PUBLISHED","assignerShortName":"certcc","dateReserved":"2024-03-05T19:12:39.649Z","datePublished":"2024-12-19T20:28:31.596Z","dateUpdated":"2025-01-09T16:40:32.522Z"},"containers":{"cna":{"title":"CVE-2024-2201","descriptions":[{"lang":"en","value":"A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems."}],"source":{"discovery":"UNKNOWN"},"affected":[{"vendor":"Xen","product":"Xen","versions":[{"status":"affected","version":"See advisory \"x86: Native Branch History Injection\""}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-1423"}]}],"references":[{"url":"https://www.kb.cert.org/vuls/id/155143"},{"url":"https://github.com/vusec/inspectre-gadget?tab=readme-ov-file"},{"url":"http://www.openwall.com/lists/oss-security/2024/04/09/15"},{"url":"http://www.openwall.com/lists/oss-security/2024/05/07/7"},{"url":"http://xenbits.xen.org/xsa/advisory-456.html"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QKNCPX7CJUK4I6BRGABAUQK2DMQZUCA/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/"},{"url":"https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-history-injection.htm"}],"x_generator":{"engine":"VINCE 3.0.11","env":"prod","origin":"https://cveawg.mitre.org/api/cve/CVE-2024-2201"},"providerMetadata":{"orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc","dateUpdated":"2024-12-19T20:29:32.134Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.7,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-12-31T18:51:54.984364Z","id":"CVE-2024-2201","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-09T16:40:32.522Z"}}]}}