Vulnerability Description
When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. Resources the sharing of which is known to be problematic include, but are not limited to:

- PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86),
- INTx lines.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | - |
Related Weaknesses (CWE)
References
- https://xenbits.xenproject.org/xsa/advisory-461.html (Patch, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2024/08/14/3 (Mailing List, Third Party Advisory)
- http://xenbits.xen.org/xsa/advisory-461.html (Patch, Vendor Advisory)
FAQ
What is CVE-2024-31146?
CVE-2024-31146 is a vulnerability with a CVSS score of 7.5 (HIGH). When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowin...
How severe is CVE-2024-31146?
CVE-2024-31146 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-31146?
Check the references section above for vendor advisories and patch information. Affected products include: Xen (vendor: Xen).