Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-36910

Опубликовано: 30 мая 2024
Источник: nvd
CVSS3: 6.2
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

uio_hv_generic: Don't free decrypted memory

In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues.

The VMBus device UIO driver could free decrypted/shared pages if set_memory_decrypted() fails. Check the decrypted field in the gpadl to decide whether to free the memory.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 6.1.91 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.6.31 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.8.10 (исключая)
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*

EPSS

Процентиль: 1%
0.00008
Низкий

6.2 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2024-36910

CVSS3: 6.2
ubuntu
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The VMBus device UIO driver could free decrypted/shared pages if set_memory_decrypted() fails. Check the decrypted field in the gpadl to decide whether to free the memory.

redhat логотип

CVE-2024-36910

CVSS3: 4.4
redhat
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The VMBus device UIO driver could free decrypted/shared pages if set_memory_decrypted() fails. Check the decrypted field in the gpadl to decide whether to free the memory.

msrc логотип

CVE-2024-36910

CVSS3: 6.2
msrc
7 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-36910

CVSS3: 6.2
debian
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: u ...

fstec логотип

BDU:2025-04529

CVSS3: 6.2
fstec
больше 1 года назад

Уязвимость функции hv_uio_cleanup() модуля drivers/uio/uio_hv_generic.c - драйвера поддержки пользовательского ввода-вывода ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 1%
0.00008
Низкий

6.2 Medium

CVSS3

Дефекты

CWE-200