CVE-2024-31144
CVE-2024-31144 is a low-severity vulnerability in Xen Xapi with a CVSS 3.x base score of 3.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-829.
Key facts
- Severity: Low (CVSS 3.x base score 3.8)
- EPSS exploit prediction: 0% (10th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-29054
- Weakness: CWE-829
- Affected product: Xen Xapi
- Published:
- Last modified:
Description
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. This is used for two purposes; a general backup of metadata (e.g. to recover from a host failure if the filer is still good), and Portable SRs (e.g. using an external hard drive to move VMs to another host). Metadata is only restored as an explicit administrator action, but occurs in cases where the host has no information about the SR, and must locate the metadata VDI in order to retrieve the metadata. The metadata VDI is located by searching (in UUID alphanumeric order) each VDI, mounting it, and seeing if there is a suitable metadata file present. The first matching VDI is deemed to be the metadata VDI, and is restored from. In the general case, the content of VDIs are controlled by the VM owner, and should not be trusted by the host administrator. A malicious guest can manipulate its disk to appear to be a metadata backup. A guest cannot choose the UUIDs of its VDIs, but a guest with one disk has a 50% chance of sorting ahead of the legitimate metadata backup. A guest with two disks has a 75% chance, etc.
Frequently asked questions
- What is CVE-2024-31144?
- For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. This is used for two purposes; a general backup of metadata (e.g. to recover from a host failure if the filer is still good), and Portable SRs (e.g. using an external hard drive to move VMs to another host). Metadata is only restored as an explicit administrator action, but occurs in cases where the host has no information about the SR, and must locate the metadata VDI in order to retrieve the metadata. The metadata VDI is located by searching (in UUID alphanumeric order) each VDI, mounting it, and seeing if there is a suitable metadata file present. The first matching VDI is deemed to be the metadata VDI, and is restored from. In the general case, the content of VDIs are controlled by the VM owner, and should not be trusted by the host administrator. A malicious guest can manipulate its disk to appear to be a metadata backup. A guest cannot choose the UUIDs of its VDIs, but a guest with one disk has a 50% chance of sorting ahead of the legitimate metadata backup. A guest with two disks has a 75% chance, etc.
- How severe is CVE-2024-31144?
- CVE-2024-31144 has a CVSS 3.x base score of 3.8, rated low severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2024-31144 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (10th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2024-31144?
- CVE-2024-31144 affects Xen Xapi. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2024-31144?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2024-31144 have an EU (EUVD) identifier?
- Yes. CVE-2024-31144 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-29054.
- When was CVE-2024-31144 published?
- CVE-2024-31144 was published on 2025-02-14 and last updated on 2026-06-17.
References
- https://xenbits.xen.org/xsa/advisory-459.html
- http://www.openwall.com/lists/oss-security/2024/07/16/4
- http://xenbits.xen.org/xsa/advisory-459.html
Affected products (1)
- cpe:2.3:o:xen:xapi:*:*:*:*:*:*:*:*
More vulnerabilities in Xen Xapi
- CVE-2020-29487 — High (CVSS 7.5): An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are…
- CVE-2022-33749 — Medium (CVSS 5.3): XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its…
Other CWE-829 vulnerabilities
- CVE-2026-1699 — Critical (CVSS 10.0): In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used…
- CVE-2025-70974 — Critical (CVSS 10.0): Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key…
- CVE-2025-0982 — Critical (CVSS 10.0): Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute…
- CVE-2021-41037 — Critical (CVSS 10.0): In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via…
- CVE-2022-1161 — Critical (CVSS 10.0): An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix,…
- CVE-2020-4561 — Critical (CVSS 10.0): IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This…