Vulnerability DatabaseCVE-2024-31143
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-31143
July 18, 2024
An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.
Related Resources (5)
http://www.openwall.com/lists/oss-security/2024/07/16/3
https://xenbits.xenproject.org/xsa/advisory-458.html
http://xenbits.xen.org/xsa/advisory-458.html
https://xenbits.xen.org/xsa/xsa458.patch
https://github.com/xen-project/xen/commit/57338346f29cea7b183403561bdc5f407163b846
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Unlock of a Resource that is not Locked
CWE-832
EPSS
Base Score:
0.62