{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-31145","assignerOrgId":"23aa2041-22e1-471f-9209-9b7396fa234f","state":"PUBLISHED","assignerShortName":"XEN","dateReserved":"2024-03-28T18:14:12.893Z","datePublished":"2024-09-25T10:31:43.523Z","dateUpdated":"2024-09-25T13:29:33.308Z"},"containers":{"cna":{"title":"error handling in x86 IOMMU identity mapping","datePublic":"2024-08-13T12:00:00.000Z","descriptions":[{"lang":"en","value":"Certain PCI devices in a system might be assigned Reserved Memory\nRegions (specified via Reserved Memory Region Reporting, \"RMRR\") for\nIntel VT-d or Unity Mapping ranges for AMD-Vi.  These are typically used\nfor platform tasks such as legacy USB emulation.\n\nSince the precise purpose of these regions is unknown, once a device\nassociated with such a region is active, the mappings of these regions\nneed to remain continuouly accessible by the device.  In the logic\nestablishing these mappings, error handling was flawed, resulting in\nsuch mappings to potentially remain in place when they should have been\nremoved again.  Respective guests would then gain access to memory\nregions which they aren't supposed to have access to."}],"impacts":[{"descriptions":[{"lang":"en","value":"The precise impact is system specific.  Denial of Service (DoS)\naffecting the entire host or individual guests, privilege escalation,\nand information leaks cannot be ruled out."}]}],"affected":[{"defaultStatus":"unknown","product":"Xen","vendor":"Xen","versions":[{"status":"unknown","version":"consult Xen advisory XSA-460"}]}],"configurations":[{"lang":"en","value":"Only x86 systems passing PCI devices with RMRR/Unity regions through to\nguests are potentially affected.\n\nPCI devices listed in a vm.cfg file have error handling which causes `xl\ncreate` to abort and tear down the domain, and is thus believed to be\nsafe.\n\nPCI devices attached using `xl pci-attach` will result in the command\nreturning nonzero, but will not tear down the domain.  VMs which\ncontinue to run after `xl pci-attach` has failed expose the\nvulnerability.\n\nFor x86 Intel hardware, Xen versions 4.0 and later are affected.\n\nFor all x86 hardware, Xen versions having the XSA-378 fixes applied /\nbackported are affected."}],"workarounds":[{"lang":"en","value":"Assigning devices using the vm.cfg file for attachment at boot avoids\nthe vulnerability."}],"credits":[{"lang":"en","type":"finder","value":"This issue was discovered by Teddy Astie of Vates and diagnosed as a\nsecurity issue by Jan Beulich of SUSE."}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-460.html"}],"providerMetadata":{"orgId":"23aa2041-22e1-471f-9209-9b7396fa234f","shortName":"XEN","dateUpdated":"2024-09-25T10:31:43.523Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"http://xenbits.xen.org/xsa/advisory-460.html"},{"url":"http://www.openwall.com/lists/oss-security/2024/08/14/2"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-09-25T11:02:50.356Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-400","lang":"en","description":"CWE-400 Uncontrolled Resource Consumption"}]}],"affected":[{"vendor":"xen","product":"xen","cpes":["cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"*","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":7.5,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"HIGH","privilegesRequired":"HIGH","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-09-25T13:27:44.216381Z","id":"CVE-2024-31145","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-25T13:29:33.308Z"}}]}}