CVE-2024-31143

low-risk
Published 2024-07-18

An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.

Do I need to act?

-
0.57% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / HIGH complexity

Affected Products (1)

Xen

Affected Vendors

Xen

References (4)

Patch https://xenbits.xenproject.org/xsa/advisory-458.html
Mailing List http://www.openwall.com/lists/oss-security/2024/07/16/3
Patch http://xenbits.xen.org/xsa/advisory-458.html
Patch https://xenbits.xenproject.org/xsa/advisory-458.html
29
/ 100
low-risk
Severity 22/34 · High
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal