CVE-2024-31146

HIGH 7.5

PCI device pass-through with shared resources

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. Resources the sharing of which is known to be problematic include, but are not limited to - - PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86), - - INTx lines.

Vendor	xen
Product	xen
Published	Sep 25, 2024
Last Updated	Sep 25, 2024

Stay Ahead of the Next One

Get instant alerts for xen xen

Be the first to know when new high vulnerabilities affecting xen xen are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Xen / Xen

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

xenbits.xenproject.org: https://xenbits.xenproject.org/xsa/advisory-461.html xenbits.xen.org: http://xenbits.xen.org/xsa/advisory-461.html openwall.com: http://www.openwall.com/lists/oss-security/2024/08/14/3