Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2024-35791
HistoryMay 17, 2024 - 12:24 p.m.

CVE-2024-35791 KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

2024-05-1712:24:49
Linux
github.com
1
linux kernel
uaf
svm
flush pages
kvm->lock
use-after-free
svm_register_enc_region

AI Score

6.6

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before
dropping kvm->lock to fix use-after-free issues where region and/or its
array of pages could be freed by a different task, e.g. if userspace has
__unregister_enc_region_locked() already queued up for the region.

Note, the “obvious” alternative of using local variables doesn’t fully
resolve the bug, as region->pages is also dynamically allocated. I.e. the
region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire
flow is a rare slow path, and the manual flush is only needed on CPUs that
lack coherency for encrypted memory.

Related

redhatcve 1
nvd 1
ubuntucve 1
cve 1
cvelist 1
osv 12
debiancve 1
redos 1
nessus 28
redhat 5
rocky 2
oraclelinux 1
openvas 15
ubuntu 7
redhatcve
redhatcve
CVE-2024-35791
2024-05-17 22:23:23
nvd
nvd
CVE-2024-35791
2024-05-17 13:15:58
ubuntucve
ubuntucve
CVE-2024-35791
2024-05-17 00:00:00
cve
cve
CVE-2024-35791
2024-05-17 13:15:58
cvelist
cvelist
CVE-2024-35791 KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
2024-05-17 12:24:49
osv
osv
CVE-2024-35791
2024-05-17 13:15:00
Moderate: kernel security update
2024-09-17 00:57:55
Moderate: kernel security update
2024-09-17 00:55:50
debiancve
debiancve
CVE-2024-35791
2024-05-17 13:15:58
redos
redos
ROS-20240909-03
2024-09-09 00:00:00
nessus
nessus
Oracle Linux 9 : kernel (ELSA-2024-6567)
2024-09-12 00:00:00
Rocky Linux 9 : kernel (RLSA-2024:6567)
2024-09-16 00:00:00
RHEL 9 : kernel (RHSA-2024:6567)
2024-09-11 00:00:00
redhat
redhat
(RHSA-2024:6567) Moderate: kernel security update
2024-09-11 00:05:08
(RHSA-2024:4831) Important: kernel-rt security update
2024-07-24 12:51:56
(RHSA-2024:4823) Important: kernel security update
2024-07-24 12:40:38
rocky
rocky
kernel security update
2024-09-17 00:55:50
kernel security update
2024-09-17 00:57:55
oraclelinux
oraclelinux
kernel security update
2024-09-11 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-2352)
2024-09-10 00:00:00
Ubuntu: Security Advisory (USN-6898-3)
2024-07-19 00:00:00
Ubuntu: Security Advisory (USN-6917-1)
2024-07-29 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-07-17 00:00:00
Linux kernel vulnerabilities
2024-07-15 00:00:00
Linux kernel vulnerabilities
2024-07-23 00:00:00

AI Score

6.6

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-35791
redhatcve1nvd1ubuntucve1cve1cvelist1osv12debiancve1redos1nessus28redhat5rocky2oraclelinux1openvas15ubuntu7