Inadequate Security Support for Resource Sharing
CVE-2024-31146

Currently unrated

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 25 September 2024

What is CVE-2024-31146?

When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing.

Resources the sharing of which is known to be problematic include, but are not limited to

- PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86),
- INTx lines.

Affected Version(s)

Xen consult Xen advisory XSA-461

References

https://xenbits.xenproject.org/xsa/advisory-461.html

Timeline

Vulnerability published
Sep 25, 2024
Vulnerability Reserved
Mar 28, 2024

Xen Project

What is CVE-2024-31146?

Affected Version(s)

References

Timeline