CVE-2024-36913

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-36913
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36913.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36913
Downstream
Related
Published
2024-05-30T15:29:11.016Z
Modified
2026-03-23T05:04:30.529157323Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
Details

In the Linux kernel, the following vulnerability has been resolved:

Drivers: hv: vmbus: Leak pages if setmemoryencrypted() fails

In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted() or setmemorydecrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues.

VMBus code could free decrypted pages if setmemoryencrypted()/decrypted() fails. Leak the pages if this happens.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36913.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f2f136c05fb6093818a3b3fefcba46231ac66a62
Fixed
7f2afcbfe4f6b6047b5f68db5067b7321e5be125
Fixed
6123a4e8e25bd40cf44db14694abac00e6b664e6
Fixed
e813a0fc2e597146e9cebea61ced9c796d4e308f
Fixed
03f5a999adba062456c8c818a683beb1b498983a

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36913.json"