CVE-2024-31143
Vulnerability from cvelistv5
Published: 2024-07-18 13:31
Modified: 2024-09-13 17:04
Summary
An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-09-13T17:04:37.447Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://xenbits.xenproject.org/xsa/advisory-458.html",
               },
               {
                  url: "http://www.openwall.com/lists/oss-security/2024/07/16/3",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "xen",
                  vendor: "xen",
                  versions: [
                     {
                        lessThan: "4.16",
                        status: "affected",
                        version: "4.4",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "HIGH",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 7.5,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-31143",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-21T13:31:44.467773Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-832",
                        description: "CWE-832 Unlock of a Resource that is not Locked",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-21T13:39:34.427Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unknown",
               product: "Xen",
               vendor: "Xen",
               versions: [
                  {
                     status: "unknown",
                     version: "consult Xen advisory XSA-458",
                  },
               ],
            },
         ],
         configurations: [
            {
               lang: "en",
               value: "Xen versions 4.4 and newer are vulnerable.  Xen versions 4.3 and older\nare not vulnerable.\n\nOnly x86 guest which have a multi-vector MSI capable device passed\nthrough to them can leverage the vulnerability.\n",
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "This issue was discovered by Jan Beulich of SUSE.\n",
            },
         ],
         datePublic: "2024-07-16T11:59:00Z",
         descriptions: [
            {
               lang: "en",
               value: "An optional feature of PCI MSI called \"Multiple Message\" allows a\ndevice to use multiple consecutive interrupt vectors.  Unlike for MSI-X,\nthe setting up of these consecutive vectors needs to happen all in one\ngo.  In this handling an error path could be taken in different\nsituations, with or without a particular lock held.  This error path\nwrongly releases the lock even when it is not currently held.\n",
            },
         ],
         impacts: [
            {
               descriptions: [
                  {
                     lang: "en",
                     value: "Denial of Service (DoS) affecting the entire host, crashes, information\nleaks, or elevation of privilege all cannot be ruled out.\n",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-07-18T13:31:31.244Z",
            orgId: "23aa2041-22e1-471f-9209-9b7396fa234f",
            shortName: "XEN",
         },
         references: [
            {
               url: "https://xenbits.xenproject.org/xsa/advisory-458.html",
            },
         ],
         title: "double unlock in x86 guest IRQ handling",
         workarounds: [
            {
               lang: "en",
               value: "Not passing through multi-vector MSI capable devices to x86 guests will\navoid the vulnerability.\n",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "23aa2041-22e1-471f-9209-9b7396fa234f",
      assignerShortName: "XEN",
      cveId: "CVE-2024-31143",
      datePublished: "2024-07-18T13:31:31.244Z",
      dateReserved: "2024-03-28T18:14:12.892Z",
      dateUpdated: "2024-09-13T17:04:37.447Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
   },
}

