Xapi Vulnerability in Citrix Hypervisor Allowing Malicious Metadata Backup Manipulation
CVE-2024-31144

3.8LOW

Key Information:

Vendor: Xen Project Project
Status: Xen Project
Vendor: CVE Published:; 14 February 2025

What is CVE-2024-31144?

The Xapi component in Citrix Hypervisor allows for backup and restoration of metadata related to Virtual Machines (VMs) and Storage Repositories (SRs). The metadata is stored in a Virtual Disk Image (VDI) and is critical for recovery scenarios. A malicious guest could exploit this functionality by manipulating its disk to imitate a legitimate metadata backup. Given that the restoration process involves searching VDIs in UUID order to locate the required metadata, a guest with one disk has an increased probability of being erroneously identified as the metadata VDI. This aspect could be exploited, leading to unauthorized access or manipulation of critical metadata.

Affected Version(s)

Xen consult Xen advisory XSA-459

References

https://xenbits.xen.org/xsa/advisory-459.html

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Mar 28, 2024

Credit

This issue was discovered by XenServer.