Multiple vulnerabilities in Xen

Published: 2024-07-17

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2024-31143 CVE-2024-31144
CWE-ID	CWE-667 CWE-74
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Xen Server applications / Virtualization software
Vendor	Xen Project

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU94499

Risk: Medium

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:U/U:Green]

CVE-ID: CVE-2024-31143

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to double unlock in x86 guest IRQ handling. An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. A malicious guest can crash the hypervisor.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Xen: 4.4.0 - 4.4.4

CPE2.3

External links

https://xenbits.xen.org/xsa/advisory-458.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper neutralization of special elements in output used by a downstream component

EUVDB-ID: #VU94498

Risk: Medium

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Green]

CVE-ID: CVE-2024-31144

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')