x86: Incorrect logic for BTC/SRSO mitigations
CVE-2024-31142

7.5HIGH

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 16 May 2024

What is CVE-2024-31142?

The vulnerability is due to a logical error in the Xen Hypervisor affected by XSA-407, where a logical misconfiguration results in the improper application of mitigations that are crucial for maintaining security integrity. This issue also impacts XSA-434, which utilizes similar underlying infrastructure, making it essential for users to review affected versions for potential exposure.

Affected Version(s)

Xen consult Xen advisory XSA-455

References

https://xenbits.xenproject.org/xsa/advisory-455.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Mar 28, 2024

Credit

This issue was discovered by Andrew Cooper of XenServer.

Xen Project

What is CVE-2024-31142?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit