CVE-2024-36910

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description In CoCo VMs, an untrusted host can cause set memory encrypted() or set memory decrypted() to fail, resulting in shared memory. Callers must handle these errors to avoid returning decrypted memory to the page allocator, which could lead to functional or security issues. The VMBus device UIO driver could free decrypted/shared pages if set memory decrypted() fails. Checking the decrypted field in the gpadl can help decide whether to free the memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-402CWE-200

Related Identifiers

AZL-43248

AZL-43285

BDU:2025-04529

CVE-2024-36910

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-2296

OPENSUSE-SU-2024_2947-1

SUSE-SU-2024:2802-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2973-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2024-36910

Weakness Enumeration

Related Identifiers

Affected Products

References · 3616