mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
83 lines
3.5 KiB
JSON
83 lines
3.5 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-31146",
|
|
"ASSIGNER": "security@xen.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "When multiple devices share resources and one of them is to be passed\nthrough to a guest, security of the entire system and of respective\nguests individually cannot really be guaranteed without knowing\ninternals of any of the involved guests. Therefore such a configuration\ncannot really be security-supported, yet making that explicit was so far\nmissing.\n\nResources the sharing of which is known to be problematic include, but\nare not limited to\n- - PCI Base Address Registers (BARs) of multiple devices mapping to the\n same page (4k on x86),\n- - INTx lines."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Xen",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Xen",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"status": "unknown",
|
|
"version": "consult Xen advisory XSA-461"
|
|
}
|
|
],
|
|
"defaultStatus": "unknown"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://xenbits.xenproject.org/xsa/advisory-461.html",
|
|
"refsource": "MISC",
|
|
"name": "https://xenbits.xenproject.org/xsa/advisory-461.html"
|
|
}
|
|
]
|
|
},
|
|
"configuration": [
|
|
{
|
|
"lang": "en",
|
|
"value": "All systems making use of PCI pass-through are in principle vulnerable,\nwhen any kind of resource is shared. Just to re-iterate, even in the\nabsence of resource sharing caveats apply to passing through of PCI\ndevices to entirely untrusted guests."
|
|
}
|
|
],
|
|
"work_around": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Passing through only SR-IOV virtual functions or devices with well-\nseparated resources will avoid this particular vulnerability. Passing\nthrough all devices sharing a given resource to the same guest will also\navoid this particular vulnerability."
|
|
}
|
|
]
|
|
} |