CVE-2024-31142
x86: Incorrect logic for BTC/SRSO mitigations
In short
A logic error in Xen's mitigation for Branch Type Confusion (BTC) and Speculative Return Stack Overflow (SRSO) vulnerabilities causes the protections to not activate as intended, leaving the system exposed to these hardware-level attacks.
Technical detail
XSA-407 and XSA-434 mitigations in Xen x86 contain a logical flaw that prevents proper activation of BTC/SRSO defenses. An attacker with local access to a guest VM can exploit speculative execution weaknesses to breach isolation between domains or extract sensitive data, since the intended mitigation code path is not executed.
Summary generated and translated by AI from the official description.
Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted.
For more details, see:
https://xenbits.xen.org/xsa/advisory-407.html
https://xenbits.xen.org/xsa/advisory-434.html
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Xen
References
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/
https://xenbits.xenproject.org/xsa/advisory-455.html
http://xenbits.xen.org/xsa/advisory-455.html