Vulners
Lucene search
Linux Distros Unpatched Vulnerability : CVE-2024-31144
| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
 | CVE-2024-31144 | 14 Feb 202520:26 | – | circl |
 | Hotfix XS82ECU1066 - For Citrix Hypervisor 8.2 Cumulative Update 1 | 16 Jul 202400:00 | – | citrix |
| XenServer and Citrix Hypervisor Security Update for CVE-2024-31143 and CVE-2024-31144 | 16 Jul 202400:00 | – | citrix |
| Backup and restore capabilities in XenServer xsconsole | 16 Jul 202400:00 | – | citrix |
| Security Bulletins for XenServer | 21 Aug 202406:47 | – | citrix |
 | CVE-2024-31144 | 14 Feb 202520:16 | – | cve |
 | CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality | 14 Feb 202520:16 | – | cvelist |
 | EUVD-2024-29054 | 3 Oct 202520:07 | – | euvd |
 | Updated xen packages fix security vulnerabilities | 9 Nov 202507:52 | – | mageia |
 | CVE-2024-31144 | 14 Feb 202521:15 | – | nvd |
10
| Source | Link |
|---|---|
| ubuntu | www.ubuntu.com/security/CVE-2024-31144 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(262026);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/03");
script_cve_id("CVE-2024-31144");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2024-31144");
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-
model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and
Storage Repositories (SRs). The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. This
is used for two purposes; a general backup of metadata (e.g. to recover from a host failure if the filer
is still good), and Portable SRs (e.g. using an external hard drive to move VMs to another host). Metadata
is only restored as an explicit administrator action, but occurs in cases where the host has no
information about the SR, and must locate the metadata VDI in order to retrieve the metadata. The metadata
VDI is located by searching (in UUID alphanumeric order) each VDI, mounting it, and seeing if there is a
suitable metadata file present. The first matching VDI is deemed to be the metadata VDI, and is restored
from. In the general case, the content of VDIs are controlled by the VM owner, and should not be trusted
by the host administrator. A malicious guest can manipulate its disk to appear to be a metadata backup. A
guest cannot choose the UUIDs of its VDIs, but a guest with one disk has a 50% chance of sorting ahead of
the legitimate metadata backup. A guest with two disks has a 75% chance, etc. (CVE-2024-31144)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2024-31144");
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-31144");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/07/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.04");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xen");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.04", "Host/OS/Ubuntu Linux-25.10");
exit(0);
}
if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);
include('linux_unpatched.inc');
var distro_constraints_array = {
"Ubuntu Linux-16.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "16.04",
"pkgs": [
{"reference": "libxen-4.6"},
{"reference": "libxen-dev"},
{"reference": "libxenstore3.0"},
{"reference": "xen-hypervisor-4.4-amd64"},
{"reference": "xen-hypervisor-4.4-arm64"},
{"reference": "xen-hypervisor-4.4-armhf"},
{"reference": "xen-hypervisor-4.5-amd64"},
{"reference": "xen-hypervisor-4.5-arm64"},
{"reference": "xen-hypervisor-4.5-armhf"},
{"reference": "xen-hypervisor-4.6-amd64"},
{"reference": "xen-hypervisor-4.6-arm64"},
{"reference": "xen-hypervisor-4.6-armhf"},
{"reference": "xen-system-amd64"},
{"reference": "xen-system-arm64"},
{"reference": "xen-system-armhf"},
{"reference": "xen-utils-4.6"},
{"reference": "xen-utils-common"},
{"reference": "xenstore-utils"}
]
}
]
},
"Ubuntu Linux-18.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "18.04",
"pkgs": [
{"reference": "libxen-4.9"},
{"reference": "libxen-dev"},
{"reference": "libxenstore3.0"},
{"reference": "xen-hypervisor-4.6-amd64"},
{"reference": "xen-hypervisor-4.6-arm64"},
{"reference": "xen-hypervisor-4.6-armhf"},
{"reference": "xen-hypervisor-4.7-amd64"},
{"reference": "xen-hypervisor-4.7-arm64"},
{"reference": "xen-hypervisor-4.7-armhf"},
{"reference": "xen-hypervisor-4.8-amd64"},
{"reference": "xen-hypervisor-4.8-arm64"},
{"reference": "xen-hypervisor-4.8-armhf"},
{"reference": "xen-hypervisor-4.9-amd64"},
{"reference": "xen-hypervisor-4.9-arm64"},
{"reference": "xen-hypervisor-4.9-armhf"},
{"reference": "xen-system-amd64"},
{"reference": "xen-system-arm64"},
{"reference": "xen-system-armhf"},
{"reference": "xen-utils-4.9"},
{"reference": "xen-utils-common"},
{"reference": "xenstore-utils"}
]
}
]
},
"Ubuntu Linux-20.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "20.04",
"pkgs": [
{"reference": "xen"}
]
}
]
},
"Ubuntu Linux-22.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "22.04",
"pkgs": [
{"reference": "xen"}
]
}
]
},
"Ubuntu Linux-24.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "24.04",
"pkgs": [
{"reference": "xen"}
]
}
]
},
"Ubuntu Linux-25.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "25.04",
"pkgs": [
{"reference": "xen"}
]
}
]
},
"Ubuntu Linux-25.10": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "25.10",
"pkgs": [
{"reference": "xen"}
]
}
]
}
};
var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);
if (!empty_or_null(report))
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : report
);
exit(0);
}
else
{
audit(AUDIT_HOST_NOT, 'affected');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Feb 2026 00:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.13.8
EPSS0.00097
SSVC