Kuppuswamy Sathyanarayanan

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.37 **Description** In CoCo VMs, it is possible for the untrusted host to cause `set memory encrypted()` or `set memory decrypted()` to fail, resulting in shared memory. Callers need to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The `netvsc` driver could free decrypted/shared pages if `set memory decrypted()` fails. Checking the `decrypted` field in the `gpadl` can decide whether to free the memory. **Recommendations** To resolve the issue, update to Linux kernel version 6.6.37 or later. As a temporary workaround, consider checking the `decrypted` field in the `gpadl` to decide whether to free the memory, and handle errors from `set memory encrypted()` and `set memory decrypted()` to avoid returning decrypted (shared) memory to the page allocator.