Lucene search
Xen ProjectXSA-455HistoryApr 09, 2024 - 4:29 p.m.
x86: Incorrect logic for BTC/SRSO mitigations
2024-04-0916:29:00
Xen Project
xenbits.xen.org
7
xsa-407
xsa-434
logical error
speculative return stack overflow
vulnerable systems
hardware susceptible
ISSUE DESCRIPTION
Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted.
For more details, see: <a href=“https://xenbits.xen.org/xsa/advisory-407.html”>https://xenbits.xen.org/xsa/advisory-407.html</a> <a href=“https://xenbits.xen.org/xsa/advisory-434.html”>https://xenbits.xen.org/xsa/advisory-434.html</a>
IMPACT
XSAs 407 and 434 are unmitigated, even when the patches are in place.
VULNERABLE SYSTEMS
All versions of Xen containing the XSA-407 fixes are vulnerable.
See XSAs 407 and 434 for details on which hardware is susceptible to BTC/SRSO.
Related
osv
osv
CVE-2024-31142
2024-05-16 14:15:08
vulnrichment
vulnrichment
CVE-2024-31142 x86: Incorrect logic for BTC/SRSO mitigations
2024-05-16 13:39:42
debiancve
debiancve
CVE-2024-31142
2024-05-16 14:15:08
nvd
nvd
CVE-2024-31142
2024-05-16 14:15:08
cvelist
cvelist
CVE-2024-31142 x86: Incorrect logic for BTC/SRSO mitigations
2024-05-16 13:39:42
ubuntucve
ubuntucve
CVE-2024-31142
2024-05-16 00:00:00
cve
cve
CVE-2024-31142
2024-05-16 14:15:08
openvas
openvas
openSUSE: Security Advisory for xen (SUSE-SU-2024:1259-1)
2024-04-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1541-1)
2024-05-07 00:00:00
Fedora: Security Advisory for xen (FEDORA-2024-4357ec611d)
2024-05-27 00:00:00
nessus
nessus
Fedora 38 : xen (2024-a676697123)
2024-04-25 00:00:00
Fedora 39 : xen (2024-4357ec611d)
2024-04-25 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: xen-4.18.2-1.fc40
2024-04-25 01:00:44
[SECURITY] Fedora 38 Update: xen-4.17.4-1.fc38
2024-04-26 01:04:11
[SECURITY] Fedora 39 Update: xen-4.17.4-1.fc39
2024-04-25 01:20:27
citrix
citrix