CVE-2024-31142
Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted.
For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html
| Software | From | Fixed in |
|---|---|---|
| xen / xen | - | 4.15.6 |
| xen / xen | 4.16.0 | 4.16.6 |
| xen / xen | 4.17.0 | 4.17.4 |
| xen / xen | 4.18.0 | 4.18.2 |
| fedoraproject / fedora | 38 | 38.x |
| fedoraproject / fedora | 40 | 40.x |
- http://xenbits.xen.org/xsa/advisory-455.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/
- https://xenbits.xenproject.org/xsa/advisory-455.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime