Cyber Posture

CVE-2024-25371

High

Published: 10 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0028 (51.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to mismatching SW signals vs HW exceptions.

Security Summary

CVE-2024-25371 is an interface vulnerability in Gramine, a library OS for running applications in secure enclaves. It affects versions prior to commit a390e33e16ed374a40de2344562a937f289be2e1. The issue stems from mismatching software signals against hardware exceptions, which can disrupt normal operation. The flaw was published on January 10, 2025, with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.

A remote, unauthenticated attacker can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation leads to a denial of service, as the mismatch between software signals and hardware exceptions causes crashes or hangs in the affected Gramine runtime.

The Gramine project addressed this vulnerability in commit a390e33e16ed374a40de2344562a937f289be2e1, available at https://github.com/gramineproject/gramine/commit/a390e33e16ed374a40de2344562a937f289be2e1. A proof-of-concept is documented at https://github.com/ahoi-attacks/sigy/blob/main/pocs/gramine/cve.md, confirming the issue and demonstrating exploitation. Security practitioners should update to the fixed commit or later to mitigate the risk.

Details

CWE(s): None listed