CVE-2024-31142
published 2024-05-16
Priority P3 55 · Severity high · CVSS 3.1 score 7.5
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 17.44% (96.7th percentile)
Because of a logical error in XSA-407 (Branch Type Confusion), the
mitigation is not applied properly when it is intended to be used.
XSA-434 (Speculative Return Stack Overflow) uses the same
infrastructure, so is equally impacted.
For more details, see:
https://xenbits.xen.org/xsa/advisory-407.html
https://xenbits.xen.org/xsa/advisory-434.html
Affected
18 ranges (rows that were listed more than once are shown once below)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xen | < 4.17.5+23-ga4e5191dc0-1 (bookworm) | 4.17.5+23-ga4e5191dc0-1 (bookworm) |
| fedoraproject | fedora | — | — |
| xen | xen | < 4.15.6 | 4.15.6 |
| xen | xen | >= 0 < 4.16.6-r0 | 4.16.6-r0 |
| xen | xen | >= 0 < 4.17.4-r0 | 4.17.4-r0 |
| xen | xen | >= 0 < 4.18.2-r0 | 4.18.2-r0 |
| xen | xen | >= 0 < 4.17.5+23-ga4e5191dc0-1 | 4.17.5+23-ga4e5191dc0-1 |
| xen | xen | >= 0 < 4.19.1-1 | 4.19.1-1 |
| xen | xen | >= 4.16.0 < 4.16.6 | 4.16.6 |
| xen | xen | >= 4.17.0 < 4.17.4 | 4.17.4 |
| xen | xen | >= 4.18.0 < 4.18.2 | 4.18.2 |

The bare `4.x.y` rows are upstream stable releases; rows carrying a `-rN` or `+NN-g…` suffix are distribution package versions that ship the same fix. A packaged hypervisor should be compared against its distribution's fixed-in string, not against the bare upstream number, since distributions backport the fix into older upstream releases.
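The two questions a practitioner asks of this record are "is my hypervisor below the fix version?" and "is the XSA-407 entry-IBPB mitigation actually engaged on this host?" (the advisory that ships the fix is XSA-455, linked under the references). The script below is an added example written for this record, not tooling from the Xen project or any distribution. It parses `xl info` for the version and compares it against the upstream fix versions in the Affected table, then scans `xl dmesg` for Xen's speculative-mitigation summary. The `xl info` and `xl dmesg` samples are constructed, and the log tokens it looks for (`BTC_NO` on the "Hardware hints" line, `IBPB-entry` on the "Support for PV VMs" / "Support for HVM VMs" lines) are assumed from Xen 4.17-era `spec_ctrl` output; confirm them against your own `xl dmesg` before relying on the result.

```python
"""Added example for CVE-2024-31142 / XSA-455 (not Xen's own tooling).
Checks a host's Xen version against the upstream fix versions in the
Affected table and scans Xen's boot log for the XSA-407 entry-IBPB
mitigation.  Samples are constructed; log tokens are assumptions."""
import re
from typing import Optional

# Upstream fix versions per stable series, taken from the Affected table.
# Packaged builds (Debian "+23-g...", "-rN") backport the fix, so compare
# those against the distribution's own fixed-in string, not this map.
FIXED_IN = {
    (4, 15): (4, 15, 6),
    (4, 16): (4, 16, 6),
    (4, 17): (4, 17, 4),
    (4, 18): (4, 18, 2),
}


def parse_version(ver: str) -> tuple:
    """'4.17.3', '4.17.5+23-ga4e5191dc0-1' or '4.18.2-r0' -> (4, 17, 3)-style
    ints; anything after the numeric triple (package suffixes) is dropped."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", ver)
    if not m:
        raise ValueError(f"unrecognised Xen version: {ver!r}")
    return tuple(int(x or 0) for x in m.groups())


def is_vulnerable_upstream(ver: str) -> Optional[bool]:
    """True if an upstream build is below its series' fix, False if at or
    after it, None if the series is not covered by the table (e.g. 4.19)."""
    v = parse_version(ver)
    fixed = FIXED_IN.get(v[:2])
    return None if fixed is None else v < fixed


def xen_version_from_xl_info(text: str) -> str:
    """Pull the xen_version field out of `xl info` output."""
    for line in text.splitlines():
        key, _, val = line.partition(":")
        if key.strip() == "xen_version":
            return val.strip()
    raise ValueError("xen_version not found in xl info output")


def btc_mitigation_report(dmesg: str) -> dict:
    """Summarise Xen's 'Speculative mitigation facilities' block in `xl dmesg`.
    Assumed tokens (verify on your host): BTC_NO on 'Hardware hints' means the
    CPU reports itself unaffected by Branch Type Confusion; 'IBPB-entry' on a
    'Support for ... VMs' line means the XSA-407 entry-IBPB mitigation is
    engaged for that guest type."""
    report = {"block_found": False, "btc_no": False,
              "ibpb_entry_pv": False, "ibpb_entry_hvm": False}
    for raw in dmesg.splitlines():
        line = re.sub(r"^\(XEN\) ?", "", raw).strip()
        if line.startswith("Speculative mitigation facilities"):
            report["block_found"] = True
        elif line.startswith("Hardware hints:"):
            report["btc_no"] = "BTC_NO" in line.split()
        elif line.startswith("Support for PV VMs:"):
            report["ibpb_entry_pv"] = "IBPB-entry" in line.split()
        elif line.startswith("Support for HVM VMs:"):
            report["ibpb_entry_hvm"] = "IBPB-entry" in line.split()
    return report


def assess(xl_info: str, dmesg: str) -> dict:
    """Combine both checks.  The symptom this CVE describes is a hypervisor
    that should apply the BTC mitigation but does not, so 'version below fix'
    together with 'no BTC_NO hint and no IBPB-entry' is the case to escalate.
    Only meaningful on CPUs XSA-407 lists as affected; other parts never
    engage IBPB-entry and would look 'missing' here too."""
    ver = xen_version_from_xl_info(xl_info)
    rep = btc_mitigation_report(dmesg)
    mitigation_missing = (rep["block_found"] and not rep["btc_no"]
                          and not (rep["ibpb_entry_pv"] or rep["ibpb_entry_hvm"]))
    return {"xen_version": ver,
            "version_vulnerable_upstream": is_vulnerable_upstream(ver),
            "btc_mitigation_missing": mitigation_missing, **rep}


# Constructed samples (not captured from a real host).
SAMPLE_XL_INFO = """\
host                   : xen-host-1
xen_major              : 4
xen_minor              : 17
xen_extra              : .3
xen_version            : 4.17.3
xen_caps               : xen-3.0-x86_64 hvm-3.0-x86_64
"""

SAMPLE_DMESG = """\
(XEN) Speculative mitigation facilities:
(XEN)   Hardware hints: IBPB_RET
(XEN)   Hardware features: IBPB IBRS STIBP SSBD PSFD
(XEN)   Compiled-in support: INDIRECT_THUNK SHADOW_PAGING
(XEN)   Xen settings: BTI-Thunk JMP, SPEC_CTRL: IBRS- STIBP- SSBD- PSFD-, Other: IBPB-ctxt-switch
(XEN)   Support for HVM VMs: MSR_SPEC_CTRL RSB EAGER_FPU
(XEN)   Support for PV VMs: MSR_SPEC_CTRL RSB EAGER_FPU
"""

if __name__ == "__main__":
    for key, value in assess(SAMPLE_XL_INFO, SAMPLE_DMESG).items():
        print(f"{key:30} {value}")
```

On a real host feed it `xl info` and `xl dmesg` output (both need root). A version at or past the fix with `IBPB-entry` present on the relevant guest-type line is the expected state after patching; a vulnerable version with neither `BTC_NO` nor `IBPB-entry` on an affected AMD part is exactly the "mitigation intended but not applied" condition this CVE describes.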
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | 7.5 | HIGH | — |
| vendor_debian | 7.5 | HIGH | — |
GHSA
GHSA-g7qc-r5p9-r36r (ghsa_unreviewed, 2024-05-16): CVE-2024-31142 [HIGH], CWE-693 (Protection Mechanism Failure). Same description as above: because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used; XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure and is equally impacted. References: https://xenbits.xen.org/xsa/advisory-407.html and https://xenbits.xen.org/xsa/advisory-434.html
OSV
CVE-2024-31142 (osv, 2024-05-16, CVSS 7.5, HIGH): same description as above; references https://xenbits.xen.org/xsa/advisory-407.html and https://xenbits.xen.org/xsa/advisory-434.html
Debian
CVE-2024-31142 (vendor_debian, 2024, CVSS 7.5, HIGH): xen; same description as above.
Scope: local (Debian's tracker scopes this as a local issue even though NVD's vector carries AV:N; for triage, the PR:L and AC:H components are the operative ones, i.e. an attacker who already runs code with some foothold on the host, typically inside a guest)
bookworm: resolved (fixed in 4.17.5+23-ga4e5191dc0-1)
bullseye: open
forky: resolved (fixed in 4.19.1-1)
sid: resolved (fixed in 4.19.1-1)
trixie: resolved (fixed in 4.19.1-1)
No detection rules found.
No public exploits indexed.
References
https://xenbits.xenproject.org/xsa/advisory-455.html
http://xenbits.xen.org/xsa/advisory-455.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/
https://lists.fedoraproject.org/archives/list/[email protected]/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/
Published: 2024-05-16