CVE-2024-31146

CVSS v3.1

7.5

High

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xen (affected versions not specified)

Description The issue arises when multiple devices share resources and one of them is passed through to a guest, making it impossible to guarantee the security of the entire system and individual guests without knowing the internals of the involved guests. Resources known to be problematic when shared include PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86) and INTx lines.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-400

Related Identifiers

BDU:2024-07434

CVE-2024-31146

DSA-5836-1

MGASA-2025-0270

OPENSUSE-SU-2024:14283-1

OPENSUSE-SU-2024_3001-1

OPENSUSE-SU-2024_3075-1

OPENSUSE-SU-2024_3113-1

OPENSUSE-SU-2024_3423-1

SUSE-SU-2024:2994-1

SUSE-SU-2024:3001-1

SUSE-SU-2024:3010-1

SUSE-SU-2024:3075-1

SUSE-SU-2024:3113-1

SUSE-SU-2024:3423-1

SUSE-SU-2024:3586-1

Affected Products

Debian

Red Os

Suse

Xen

CVE-2024-31146

Weakness Enumeration

Related Identifiers

Affected Products

References · 79