Multiple vulnerabilities in Xen



Published: 2024-07-17
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2024-31143
CVE-2024-31144
CWE-ID CWE-667
CWE-74
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Xen
Server applications / Virtualization software

Vendor Xen Project

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU94499

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-31143

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to double unlock in x86 guest IRQ handling. An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. A malicious guest can crash the hypervisor.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Xen: 4.4.0 - 4.4.4

External links

http://xenbits.xen.org/xsa/advisory-458.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper neutralization of special elements in output used by a downstream component

EUVDB-ID: #VU94498

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-31144

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: No

Description

The vulnerability allows a malicious guest to compromise other guests.

The vulnerability exists due to improper validation of metadata in xapi when restoring data from backup. A malicious guest can manipulate disks to appear to be a metadata backup and trick the guest administrator to recover the system from a malicious backup.

Systems running Xapi v1.249.x are affected.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Xen: All versions

External links

http://xenbits.xen.org/xsa/advisory-459.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###