Is CVE-2024-31142 actively exploited?

CVE-2024-31142 has no public evidence of in-the-wild exploitation as of 2026-01-05.

What is the CVSS score for CVE-2024-31142?

CVE-2024-31142 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2024-31142?

Patch guidance is available from xen security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-31142.

Fix CVE-2024-31142 - HIGH xen xen

Q: Which products are affected by CVE-2024-31142?

6 products: xen xen, xen xen, xen xen, xen xen, fedoraproject fedora, and 1 more.

Description

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: high
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-693

Metadata

Primary Vendor: XEN
Published: 5/16/2024
Last Modified: 1/5/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

xen : xenxen : xenxen : xenxen : xenfedoraproject : fedorafedoraproject : fedora

Remediation Guidance

Executive Summary

View on NIST NVD