Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-36913

Опубликовано: 30 мая 2024
Источник: nvd
CVSS3: 8.1
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues.

VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 6.6.31 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.8.10 (исключая)
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*

EPSS

Процентиль: 16%
0.00053
Низкий

8.1 High

CVSS3

Дефекты

CWE-1258

Связанные уязвимости

ubuntu логотип

CVE-2024-36913

CVSS3: 8.1
ubuntu
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens.

redhat логотип

CVE-2024-36913

CVSS3: 4.4
redhat
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens.

debian логотип

CVE-2024-36913

CVSS3: 8.1
debian
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: D ...

fstec логотип

BDU:2025-07455

CVSS3: 8.1
fstec
больше 1 года назад

Уязвимость функции vmbus_connect() модуля drivers/hv/connection.c - драйвера поддержки гостевого режима Microsoft Hyper-V ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

suse-cvrf логотип

SUSE-SU-2024:2802-1

suse-cvrf
около 1 года назад

Security update for the Linux Kernel

EPSS

Процентиль: 16%
0.00053
Низкий

8.1 High

CVSS3

Дефекты

CWE-1258