CVE-2024-2201

NameCVE-2024-2201
DescriptionNative Branch History Injection
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5658-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2vulnerable
buster (security)4.19.304-1vulnerable
bullseye5.10.209-2vulnerable
bullseye (security)5.10.216-1vulnerable
bookworm6.1.76-1vulnerable
bookworm (security)6.1.90-1fixed
trixie6.7.12-1vulnerable
sid6.8.11-1fixed
xen (PTS)buster, buster (security)4.11.4+107-gef32c7afa2-1vulnerable
bullseye4.14.6-1vulnerable
bullseye (security)4.14.5+94-ge49571868d-1vulnerable
bookworm4.17.3+10-g091466ba55-1~deb12u1vulnerable
sid, trixie4.17.3+36-g54dacb5c02-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebookworm6.1.85-1DSA-5658-1
linuxsource(unstable)6.8.9-1
xensourcebuster(unfixed)end-of-life
xensourcebullseye(unfixed)end-of-life
xensource(unstable)(unfixed)

Notes

[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
[buster] - xen <end-of-life> (DSA 4677-1)
https://vusec.net/projects/native-bhi
https://download.vusec.net/papers/inspectre_sec24.pdf
https://xenbits.xen.org/xsa/advisory-456.html

Search for package or bug name: Reporting problems