PT-2024-27203 · Linux+6 · Linux Kernel+6

Published 2024-04-10 · Updated 2026-05-26 · CVE-2024-36912

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: In CoCo VMs, the untrusted host can cause set_memory_encrypted() or set_memory_decrypted() to fail, leaving the affected memory shared with the host. Callers need to handle these errors so that decrypted memory is not returned to the page allocator, which could lead to functional or security issues. A field has been added to struct vmbus_gpadl to track the decryption status of buffers, allowing callers to determine whether to free or leak pages.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
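
The handling pattern the description calls for, shown as an added user-space C model; it is not kernel code and not the actual patch. The `model_*` names, the `host_fails_*` switches and the 4096-byte buffer are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* User-space model, constructed for illustration; every name is hypothetical. */
static bool host_fails_decrypt, host_fails_encrypt; /* modelled host behaviour */
/* Stand-ins for set_memory_decrypted()/set_memory_encrypted(): 0 on success. */
static int model_set_decrypted(void *b) { (void)b; return host_fails_decrypt ? -1 : 0; }
static int model_set_encrypted(void *b) { (void)b; return host_fails_encrypt ? -1 : 0; }

struct model_gpadl {
    void *buf;
    bool decrypted; /* true: buffer may still be shared with the host */
};

/* Share a buffer. On failure its state is unknown, so the flag stays true. */
static int model_establish(struct model_gpadl *g, void *buf) {
    g->buf = buf;
    g->decrypted = true;
    return model_set_decrypted(buf);
}

/* Make the buffer private again; the flag is cleared only on success. */
static int model_teardown(struct model_gpadl *g) {
    int ret = model_set_encrypted(g->buf);
    g->decrypted = (ret != 0);
    return ret;
}

/* Caller-side release: returns true if freed, false if deliberately leaked. */
static bool model_release(struct model_gpadl *g) {
    bool safe = !g->decrypted;
    if (safe)
        free(g->buf); /* known private: may go back to the allocator */
    g->buf = NULL;
    return safe;
}

/* One establish/teardown/release cycle; returns true if the buffer was leaked. */
static bool run_case(bool fail_dec, bool fail_enc) {
    struct model_gpadl g;
    host_fails_decrypt = fail_dec; host_fails_encrypt = fail_enc;
    if (model_establish(&g, malloc(4096)) == 0)
        model_teardown(&g);
    return !model_release(&g);
}

int main(void) {
    printf("leaked: %d %d %d\n", run_case(false, false), run_case(true, false), run_case(false, true));
    return 0;
}
```

In the two failure cases the buffer is leaked on purpose: losing one allocation is the cheaper outcome compared with handing possibly host-visible pages back to the allocator.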

Exploit

DoS

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-06991
BDU:2025-06992
CVE-2024-36912
MGASA-2024-0263
MGASA-2024-0266
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2802-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu