CVE-2024-36913
HIGHDescription
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| debian | debian_linux |
| linux | linux_kernel |
| linux | linux_kernel |
| linux | linux_kernel |
| linux | linux_kernel |
| linux | linux_kernel |
| linux | linux_kernel |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2024-36913? +
How severe is CVE-2024-36913? +
What products are affected by CVE-2024-36913? +
How do I check if I'm vulnerable to CVE-2024-36913? +
Related Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo …
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve …
Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote …
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak …
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, …