VDB
DEBIAN-CVE-2024-31146
DEBIAN-CVE-2024-31146
PUBLISHED
CVSS 7.5 HIGH
When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. Resources the sharing of which is known to be problematic include, but are not limited to - - PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86), - - INTx lines.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | xen | 0, 0 |
| Debian:13 | xen | 0, 0 |
| Debian:11 | xen | 4.14.3-1, 4.17.2+55, 4.17.2+76 |
| Debian:12 | xen | 4.17.2+76-ge1f9cb16e2-1~deb12u1, 4.17.2-1, 4.17.3+10-g091466ba55-1.1 |
Timeline
- Sep 25, 2024 CVE Published
- Apr 28, 2026 CVE Updated