PT-2024-23795 · Xapi · Xapi

Xenserver · Published 2024-07-17 · Updated 2026-01-08 · CVE-2024-31144

CVSS v3.1: 3.8 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Xapi (affected versions not specified)

Description

Xapi contains functionality to back up and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. The metadata VDI is located by searching each VDI, mounting it, and checking whether a suitable metadata file is present. A malicious guest can manipulate its disk to appear to be a metadata backup. This can succeed because a guest with one disk has a 50% chance of sorting ahead of the legitimate metadata backup, a guest with two disks has a 75% chance, and so on.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2024-31144
MGASA-2025-0270

Affected Products

Xapi