CVE-2024-31143
HIGH
Xen >=4.4.0 - Use-After-Free in PCI MSI Multiple Message Error Handling
Title source: llm
Description
An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.
References (3)
Core References
Patch, Vendor Advisory: https://xenbits.xenproject.org/xsa/advisory-458.html
Mailing List, Third Party Advisory: http://www.openwall.com/lists/oss-security/2024/07/16/3
Patch, Vendor Advisory: http://xenbits.xen.org/xsa/advisory-458.html
Scores
CVSS v3: 7.5
EPSS: 0.0057
EPSS Percentile: 68.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-832
Status: published
Products (1)
xen/xen
4.4.0
Published: Jul 18, 2024
Tracked Since: Feb 18, 2026