CVE-2024-31143

double unlock in x86 guest IRQ handling

CVSS 7.5 HIGH · EPSS 0.5% · CWE-832
In short

A bug in how Xen sets up PCI MSI interrupt vectors for a guest can make the hypervisor release a lock it does not currently hold. The problem is reached when several consecutive vectors are being set up in one go and an error occurs part-way through: the shared error path unlocks regardless of whether the lock was taken. Because the lock belongs to Xen rather than to the guest, the result is corrupted hypervisor lock state, which can crash or destabilise the host and so deny service to every guest running on it.

Technical detail

CVE-2024-31143 is a double unlock (CWE-832) in Xen's x86 guest IRQ handling for the PCI MSI "Multiple Message" feature, under which a device is given several consecutive interrupt vectors. Unlike MSI-X, these vectors have to be set up all at once, and the code that does so reaches a single error path from different situations, some with a particular lock held and some without. That error path releases the lock unconditionally, so when it is entered without the lock held the hypervisor releases a lock it does not own and its lock state is corrupted. The lock is Xen's, not the guest's: a guest that can drive this MSI setup (in practice, one with a PCI device assigned to it) and provoke an error in it can therefore cause a denial of service against the host, with privilege escalation not ruled out. The CVSS vector below (AC:H, PR:L) reflects that the attacker needs guest privileges and a specific error condition during vector setup.

Summary generated and translated by AI from the official description.

Official description

An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
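The following C program is an added illustration of the bug class described in the technical detail and the official description above; it is not Xen's code, and the function and type names (toy_lock, claim_vector, map_vectors_vulnerable, map_vectors_fixed, bad_unlocks_for) are hypothetical. It models a vector-setup routine that takes a lock only for the Multiple Message case (nr > 1) but funnels every failure, including one from a step that runs after the lock has been dropped, through one error label that unlocks unconditionally. A toy lock counts releases made while not held instead of crashing, so the vulnerable and hardened forms can be compared on the same inputs.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy lock for this example (not Xen's spinlock): records misuse instead of
 * crashing. In a real hypervisor an unlock of an unheld lock corrupts lock
 * state; a debug build would typically assert. */
struct toy_lock {
    bool held;
    int bad_unlocks;              /* unlock() calls made while not held */
};

static void lock(struct toy_lock *l) { l->held = true; }
static void unlock(struct toy_lock *l)
{
    if (!l->held)
        l->bad_unlocks++;
    l->held = false;
}

#define MAX_VECTORS 8
struct vector_table { int owner[MAX_VECTORS]; };   /* 0 = free, else device id */

/* Hypothetical helper: claim one vector for dev, failing if it is in use. */
static int claim_vector(struct vector_table *vt, int vec, int dev)
{
    if (vec < 0 || vec >= MAX_VECTORS || vt->owner[vec] != 0)
        return -1;
    vt->owner[vec] = dev;
    return 0;
}

static void release_vectors(struct vector_table *vt, int first, int n)
{
    for (int j = 0; j < n; j++)
        vt->owner[first + j] = 0;
}

/* Shape of the bug: one error label serves the per-vector loop, which runs
 * under the lock only for Multiple Message (nr > 1), and a later step that
 * runs after the lock was dropped. `fail_late` injects a failure there. */
static int map_vectors_vulnerable(struct toy_lock *l, struct vector_table *vt,
                                  int dev, int first, int nr, bool fail_late)
{
    int i = 0, ret = 0;

    if (nr > 1)
        lock(l);
    for (i = 0; i < nr; i++) {
        ret = claim_vector(vt, first + i, dev);
        if (ret)
            goto fail;        /* lock is held here only if nr > 1 */
    }
    if (nr > 1)
        unlock(l);
    if (fail_late) {
        ret = -2;
        goto fail;            /* lock is no longer held here */
    }
    return 0;
fail:
    release_vectors(vt, first, i);
    unlock(l);                /* BUG: released even when not held */
    return ret;
}

/* Hardened form: remember whether this function took the lock and release
 * only what it took. Separate error labels would work equally well. */
static int map_vectors_fixed(struct toy_lock *l, struct vector_table *vt,
                             int dev, int first, int nr, bool fail_late)
{
    int i = 0, ret = 0;
    bool locked = false;

    if (nr > 1) {
        lock(l);
        locked = true;
    }
    for (i = 0; i < nr; i++) {
        ret = claim_vector(vt, first + i, dev);
        if (ret)
            goto fail;
    }
    if (locked) {
        unlock(l);
        locked = false;
    }
    if (fail_late) {
        ret = -2;
        goto fail;
    }
    return 0;
fail:
    release_vectors(vt, first, i);
    if (locked)
        unlock(l);
    return ret;
}

/* Runs one scenario on a fresh lock and table (vector `busy` is pre-claimed
 * by device 1 when busy >= 0) and returns the count of unlocks on an unheld
 * lock, plus 100 if the routine left the lock held. */
int bad_unlocks_for(bool fixed, int nr, bool fail_late, int busy)
{
    struct toy_lock l = { false, 0 };
    struct vector_table vt;
    memset(&vt, 0, sizeof vt);
    if (busy >= 0)
        vt.owner[busy] = 1;
    if (fixed)
        map_vectors_fixed(&l, &vt, 2, 0, nr, fail_late);
    else
        map_vectors_vulnerable(&l, &vt, 2, 0, nr, fail_late);
    return l.bad_unlocks + (l.held ? 100 : 0);
}

int main(void)
{
    printf("vulnerable nr=1 busy vector : %d\n", bad_unlocks_for(false, 1, false, 0));
    printf("vulnerable nr=3 late failure: %d\n", bad_unlocks_for(false, 3, true, -1));
    printf("vulnerable nr=3 busy vector : %d\n", bad_unlocks_for(false, 3, false, 1));
    printf("fixed      nr=1 busy vector : %d\n", bad_unlocks_for(true, 1, false, 0));
    printf("fixed      nr=3 late failure: %d\n", bad_unlocks_for(true, 3, true, -1));
    return 0;
}
```

The two vulnerable scenarios that report a bad unlock are exactly the ones the description names: an error taken when the lock was never acquired (single-vector path) and one taken after it had already been released (the late step). The early failure inside the locked loop is handled correctly by both versions, which is why such bugs survive testing that only exercises the common path. When reviewing similar code, look for any `goto`-style error label that unlocks and check every jump to it against the lock state at that point.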
Affected products
Xen · Xen
