Products
Xen Hypervisor
- UNKNOWN
Source
security@xen.org
Tags
CVE-2024-31146 details
Last Modified : Sept. 25, 2024, 2:35 p.m.
Description
When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. Resources the sharing of which is known to be problematic include, but are not limited to - - PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86), - - INTx lines.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.5 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-400 | Uncontrolled Resource Consumption | The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.5
Exploitability Score
0.8
Impact Score
6.0
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://xenbits.xenproject.org/xsa/advisory-461.html | security@xen.org |