PT-2024-3852 · Linux+8 · Linux Kernel+8

Gabe Kirkpatrick

Published

2024-02-23

Updated

2025-09-29

CVE-2024-35791

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free problem in the svm register enc region() function. This occurs when the cache flush of converted pages is not done before dropping kvm->lock, allowing a different task to free the region and/or its array of pages. The problem is exacerbated by the dynamic allocation of region->pages. Flushing multiple pages under kvm->lock is necessary but unfortunate, as it is only needed on CPUs lacking coherency for encrypted memory. The entire flow is a rare slow path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:6567

ALSA-2025_16880

BDU:2024-04232

CVE-2024-35791

DLA-3842-1

INFSA-2024_6567

OESA-2024-1650

OESA-2024-1680

OESA-2024-1681

RHSA-2024:4823

RHSA-2024:4831

RHSA-2024:6567

RHSA-2024_6567

RLSA-2024:6567

RXSA-2024:6567

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6898-1

USN-6898-2

USN-6898-3

USN-6898-4

USN-6917-1

USN-6919-1

USN-6927-1

USN-7019-1

Affected Products

Almalinux

Astra Linux

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-3852 · Linux+8 · Linux Kernel+8

CVE-2024-35791

Weakness Enumeration

Related Identifiers

Affected Products

References · 3475