Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2024-36913
HistoryMay 30, 2024 - 3:29 p.m.

CVE-2024-36913 Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

2024-05-3015:29:11
Linux
github.com
2
linux kernel
coco vms
untrusted host
memory encryption
vmbus code
security issues

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

In CoCo VMs it is possible for the untrusted host to cause
set_memory_encrypted() or set_memory_decrypted() to fail such that an
error is returned and the resulting memory is shared. Callers need to
take care to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional or security
issues.

VMBus code could free decrypted pages if set_memory_encrypted()/decrypted()
fails. Leak the pages if this happens.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/hv/connection.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "6123a4e8e25b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "e813a0fc2e59",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "03f5a999adba",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/hv/connection.c"
    ],
    "versions": [
      {
        "version": "6.6.31",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.10",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

nvd 1
redhatcve 1
cvelist 1
debiancve 1
cve 1
ubuntucve 1
nvd
nvd
CVE-2024-36913
2024-05-30 16:15:14
redhatcve
redhatcve
CVE-2024-36913
2024-06-03 13:12:04
cvelist
cvelist
CVE-2024-36913 Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
2024-05-30 15:29:11
debiancve
debiancve
CVE-2024-36913
2024-05-30 16:15:14
cve
cve
CVE-2024-36913
2024-05-30 16:15:14
ubuntucve
ubuntucve
CVE-2024-36913
2024-05-30 00:00:00

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for VULNRICHMENT:CVE-2024-36913
nvd1redhatcve1cvelist1debiancve1cve1ubuntucve1