U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-31146

Change History

New CVE Received from Xen Project 9/25/2024 7:15:12 AM

Action Type Old Value New Value
Added Description

								
							
							
						
When multiple devices share resources and one of them is to be passed
through to a guest, security of the entire system and of respective
guests individually cannot really be guaranteed without knowing
internals of any of the involved guests.  Therefore such a configuration
cannot really be security-supported, yet making that explicit was so far
missing.

Resources the sharing of which is known to be problematic include, but
are not limited to
- - PCI Base Address Registers (BARs) of multiple devices mapping to the
  same page (4k on x86),
- - INTx lines.
Added Reference

								
							
							
						
Xen Project https://xenbits.xenproject.org/xsa/advisory-461.html [No types assigned]