cbcvebase.
CVE-2024-31142
published 2024-05-16

Priority: P355 high, 7.5 (CVSS 3.1)
Vector: AV:N / AC:H / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 17.44% (96.7th percentile)

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html

Affected

18 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xen | < xen 4.17.5+23-ga4e5191dc0-1 (bookworm) | xen 4.17.5+23-ga4e5191dc0-1 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| xen | xen | < 4.15.6 | 4.15.6 |
| xen | xen | >= 0 < 4.16.6-r0 | 4.16.6-r0 |
| xen | xen | >= 0 < 4.16.6-r0 | 4.16.6-r0 |
| xen | xen | >= 0 < 4.17.4-r0 | 4.17.4-r0 |
| xen | xen | >= 0 < 4.18.2-r0 | 4.18.2-r0 |
| xen | xen | >= 0 < 4.18.2-r0 | 4.18.2-r0 |
| xen | xen | >= 0 < 4.18.2-r0 | 4.18.2-r0 |
| xen | xen | >= 0 < 4.18.2-r0 | 4.18.2-r0 |
| xen | xen | >= 0 < 4.18.2-r0 | 4.18.2-r0 |
| xen | xen | >= 0 < 4.17.5+23-ga4e5191dc0-1 | 4.17.5+23-ga4e5191dc0-1 |
| xen | xen | >= 0 < 4.19.1-1 | 4.19.1-1 |
| xen | xen | >= 0 < 4.19.1-1 | 4.19.1-1 |
| xen | xen | >= 4.16.0 < 4.16.6 | 4.16.6 |
| xen | xen | >= 4.17.0 < 4.17.4 | 4.17.4 |
| xen | xen | >= 4.18.0 < 4.18.2 | 4.18.2 |

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH