7.5

CVE-2024-31142

EPSS 3.12%
Veröffentlicht 16.05.2024 14:15:08
Zuletzt bearbeitet 05.01.2026 19:00:27
Quelle security@xen.org
CVE-Watchlists
Login
Unerledigt
Login

Because of a logical error in XSA-407 (Branch Type Confusion), the
mitigation is not applied properly when it is intended to be used.
XSA-434 (Speculative Return Stack Overflow) uses the same
infrastructure, so is equally impacted.

For more details, see:
  https://xenbits.xen.org/xsa/advisory-407.html
  https://xenbits.xen.org/xsa/advisory-434.html

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xen ≫ Xen HwPlatformx86 Version < 4.15.6

Xen ≫ Xen HwPlatformx86 Version >= 4.16.0 < 4.16.6

Xen ≫ Xen HwPlatformx86 Version >= 4.17.0 < 4.17.4

Xen ≫ Xen HwPlatformx86 Version >= 4.18.0 < 4.18.2

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version40

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.12%	0.865

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://xenbits.xenproject.org/xsa/advisory-455.html

Patch

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/

Third Party Advisory

Mailing List

http://xenbits.xen.org/xsa/advisory-455.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-31142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-31142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-31142

EUVD