CVE-2024-31145: Uncontrolled Resource Consumption in XEN

Severity: 7.5 HIGH (NVD)
EPSS: 0.1% (top 77.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 25

Description

Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. In the logic establishing these mappings, error ha

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 6.0

Affected Packages (4 packages)

Source | Package | Affected versions
debian | debian/xen | < xen 4.17.5+23-ga4e5191dc0-1 (bookworm)
Alpine | xen/xen | < 4.16.6-r1 +6
Debian | xen/xen | < 4.17.5+23-ga4e5191dc0-1 +2
NVD | xen/xen |

Patches

🔴 Vulnerability Details (4)

Source | Title | Date
OSV | CVE-2024-31145: Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or U | 2024-09-25
GHSA | GHSA-38h7-7925-fvwv: Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or U | 2024-09-25
OSV | CVE-2024-31145: Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or U | 2024-09-25
CVEList | error handling in x86 IOMMU identity mapping | 2024-09-25

📋 Vendor Advisories (1)

Source | Title | Date
Debian | CVE-2024-31145: xen - Certain PCI devices in a system might be assigned Reserved Memory Regions (speci... | 2024