CVE-2024-31142

Because of a logical error in XSA-407 (Branch Type Confusion), the
mitigation is not applied properly when it is intended to be used.
XSA-434 (Speculative Return Stack Overflow) uses the same
infrastructure, so is equally impacted.

For more details, see:
  https://xenbits.xen.org/xsa/advisory-407.html
  https://xenbits.xen.org/xsa/advisory-434.html
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
XENCNA
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
xenxen
𝑥
< 4.15.6
xenxen
4.16.0 ≤
𝑥
< 4.16.6
xenxen
4.17.0 ≤
𝑥
< 4.17.4
xenxen
4.18.0 ≤
𝑥
< 4.18.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
4.17.5+23-ga4e5191dc0-1+deb12u1
fixed
bookworm (security)
4.17.5+72-g01140da4e8-1
fixed
trixie
4.20.0+68-g35cb38b222-1
fixed
trixie (security)
4.20.2+7-g1badcf5035-0+deb13u1
fixed
forky
4.20.2+7-g1badcf5035-2
fixed
sid
4.20.2+7-g1badcf5035-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
questing
needs-triage
plucky
needs-triage
oracular
ignored
noble
needs-triage
mantic
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://xenbits.xenproject.org/xsa/advisory-455.html
http://xenbits.xen.org/xsa/advisory-455.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/
https://xenbits.xenproject.org/xsa/advisory-455.html