#VU96007 Resource management error in Xen - CVE-2024-31146


Vulnerability identifier: #VU96007

Vulnerability risk: Medium

CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-31146

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improper management of shared resources when using PCI pass-through. A malicious guest can escalate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Xen: All versions

External links
http://xenbits.xen.org/xsa/advisory-461.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Cloud Tiering Appliance
Debian update for xen
Multiple vulnerabilities in Dell PowerStore T
SUSE update for xen
SUSE update for xen
SUSE update for xen
SUSE update for xen
SUSE update for xen
SUSE update for xen
SUSE update for xen