#VU96007 Resource management error in Xen


Published: 2024-08-14

Vulnerability identifier: #VU96007

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-31146

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improper management of shared resources when using PCI pass-through. A malicious guest can escalate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Xen: All versions

External links
http://xenbits.xen.org/xsa/advisory-461.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for xen
SUSE update for xen
SUSE update for xen
SUSE update for xen
SUSE update for xen
Fedora 39 update for xen
Fedora 40 update for xen
Multiple vulnerabilities in Xen