github - ghsa-cjq8-723f-8fmv

ghsa-cjq8-723f-8fmv

Vulnerability from github

Published

2024-07-18 15:31

Modified

2025-04-26 21:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-31143"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-832"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-18T14:15:04Z",
    "severity": "HIGH"
  },
  "details": "An optional feature of PCI MSI called \"Multiple Message\" allows a\ndevice to use multiple consecutive interrupt vectors.  Unlike for MSI-X,\nthe setting up of these consecutive vectors needs to happen all in one\ngo.  In this handling an error path could be taken in different\nsituations, with or without a particular lock held.  This error path\nwrongly releases the lock even when it is not currently held.",
  "id": "GHSA-cjq8-723f-8fmv",
  "modified": "2025-04-26T21:31:26Z",
  "published": "2024-07-18T15:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31143"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-458.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/07/16/3"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-458.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-31143 (GCVE-0-2024-31143)

Vulnerability from cvelistv5

Published

2024-07-18 13:31

Modified

2025-04-26 20:03

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.

References

URL

Tags

https://xenbits.xenproject.org/xsa/advisory-458.html

Impacted products

	Vendor	Product	Version
	Xen	Xen

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-26T20:03:16.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://xenbits.xenproject.org/xsa/advisory-458.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/07/16/3"
          },
          {
            "url": "http://xenbits.xen.org/xsa/advisory-458.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xen",
            "vendor": "xen",
            "versions": [
              {
                "lessThan": "4.16",
                "status": "affected",
                "version": "4.4",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-31143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T13:31:44.467773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-832",
                "description": "CWE-832 Unlock of a Resource that is not Locked",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T13:39:34.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Xen",
          "vendor": "Xen",
          "versions": [
            {
              "status": "unknown",
              "version": "consult Xen advisory XSA-458"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "Xen versions 4.4 and newer are vulnerable.  Xen versions 4.3 and older\nare not vulnerable.\n\nOnly x86 guest which have a multi-vector MSI capable device passed\nthrough to them can leverage the vulnerability.\n"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This issue was discovered by Jan Beulich of SUSE.\n"
        }
      ],
      "datePublic": "2024-07-16T11:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An optional feature of PCI MSI called \"Multiple Message\" allows a\ndevice to use multiple consecutive interrupt vectors.  Unlike for MSI-X,\nthe setting up of these consecutive vectors needs to happen all in one\ngo.  In this handling an error path could be taken in different\nsituations, with or without a particular lock held.  This error path\nwrongly releases the lock even when it is not currently held.\n"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of Service (DoS) affecting the entire host, crashes, information\nleaks, or elevation of privilege all cannot be ruled out.\n"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-18T13:31:31.244Z",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "url": "https://xenbits.xenproject.org/xsa/advisory-458.html"
        }
      ],
      "title": "double unlock in x86 guest IRQ handling",
      "workarounds": [
        {
          "lang": "en",
          "value": "Not passing through multi-vector MSI capable devices to x86 guests will\navoid the vulnerability.\n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2024-31143",
    "datePublished": "2024-07-18T13:31:31.244Z",
    "dateReserved": "2024-03-28T18:14:12.892Z",
    "dateUpdated": "2025-04-26T20:03:16.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.