Xen x86 APIC error interrupt deadlock in vlapic_error()
CVE-2024-45817 is a denial-of-service vulnerability in Xen’s handling of x86 APIC error interrupts. In the x86 APIC architecture, error conditions are recorded in a status register and the OS may request delivery of an interrupt when a new error occurs. If the APIC error interrupt is configured with an illegal vector, raising that error interrupt itself generates another error. In Xen, this can cause recursive re-entry into vlapic_error(). Although the recursion is bounded because additional interrupts are only generated when new status bits are set, the lock protecting the relevant APIC error state is acquired again during recursive handling, resulting in recursive lock acquisition and deadlock.
Are you exposed to this one?
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A vulnerability in Citrix XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR that allows a malicious administrator of a guest VM to crash the host or render it unresponsive (denial of service).
A vulnerability in XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR that can cause the host to crash or become unresponsive due to a deadlock condition involving recursive calls guarded by a mutex in x86 APIC error reporting.
A deadlock vulnerability related to recursive calls guarded by a mutex in x86 APIC error reporting that could allow a malicious guest VM administrator to crash or hang the host.
The version that knows your environment.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.