Error Path in PCI MSI Leads to Lock Release Without Held
CVE-2024-31143

7.5HIGH

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 18 July 2024

🔔 Create Xen Project Vulnerability Alert

What is CVE-2024-31143?

The PCI MSI Multiple Message feature has a vulnerability that arises during the setup of multiple consecutive interrupt vectors. This processing can result in an error state that improperly releases a lock, even when it is not held. This condition could be exploited in various scenarios, creating potential security risks for systems utilizing this feature.

Affected Version(s)

Xen consult Xen advisory XSA-458

References

https://xenbits.xenproject.org/xsa/advisory-458.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2024
Vulnerability Reserved
Mar 28, 2024

Credit

This issue was discovered by Jan Beulich of SUSE.