In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The VMBus device UIO driver could free decrypted/shared pages if set_memory_decrypted() fails. Check the decrypted field in the gpadl to decide whether to free the memory.
History

Wed, 06 Nov 2024 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T15:29:08.902Z

Updated: 2024-12-19T09:01:53.302Z

Reserved: 2024-05-30T15:25:07.067Z

Link: CVE-2024-36910

cve-icon Vulnrichment

Updated: 2024-08-02T03:43:50.063Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-30T16:15:14.457

Modified: 2024-11-21T09:22:47.707

Link: CVE-2024-36910

cve-icon Redhat

Severity : Low

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2024-36910 - Bugzilla