CVE-2024-31142

EUVD-2024-29052
Because of a logical error in XSA-407 (Branch Type Confusion), the
mitigation is not applied properly when it is intended to be used.
XSA-434 (Speculative Return Stack Overflow) uses the same
infrastructure, so is equally impacted.

For more details, see:
  https://xenbits.xen.org/xsa/advisory-407.html
  https://xenbits.xen.org/xsa/advisory-434.html
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
xenxen
𝑥
< 4.15.6
xenxen
4.16.0 ≤
𝑥
< 4.16.6
xenxen
4.17.0 ≤
𝑥
< 4.17.4
xenxen
4.18.0 ≤
𝑥
< 4.18.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
4.17.5+23-ga4e5191dc0-1+deb12u1
fixed
bookworm (security)
4.17.5+72-g01140da4e8-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
4.20.2+7-g1badcf5035-2
fixed
sid
4.20.2+7-g1badcf5035-2
fixed
trixie
4.20.0+68-g35cb38b222-1
fixed
trixie (security)
4.20.2+7-g1badcf5035-0+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
mantic
ignored
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://xenbits.xenproject.org/xsa/advisory-455.html
http://xenbits.xen.org/xsa/advisory-455.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/
https://xenbits.xenproject.org/xsa/advisory-455.html