CVE-2024-36909

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description In CoCo VMs, it is possible for the untrusted host to cause set memory encrypted() or set memory decrypted() to fail, resulting in shared memory. Callers need to handle these errors to avoid returning decrypted memory to the page allocator, which could lead to functional or security issues. The VMBus ring buffer code could free decrypted/shared pages if set memory decrypted() fails. Checking the decrypted field in the struct vmbus gpadl for the ring buffers can help decide whether to free the memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-99

Related Identifiers

AZL-67991

BDU:2025-08072

CVE-2024-36909

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-2296

OPENSUSE-SU-2024_2947-1

SUSE-SU-2024:2802-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2973-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2024-36909

Weakness Enumeration

Related Identifiers

Affected Products

References · 3611