DEBIAN-CVE-2024-36913

Advisory lineage Upstream: 1 Downstream: 2

Upstream

CVE-2024-36913

Downstream

DLA-4328-1 DSA-5973-1

Published: 30 May 2024, 16:15

Last modified:28 Apr 2026, 20:28

Vulnerability Summary

Overall Risk (default)

medium

32/100

CVSS Score

8.1 HIGH

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 May 2024, 16:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:28

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens.

CVSS Metrics

v3.1•HIGH•Score: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

debian•linux
< 6.1.147-1 | < 6.8.11-1 | < 6.8.11-1
debian•linux-6.1
< 6.1.153-1~deb11u1

References (1)

https://security-tracker.debian.org/tracker/CVE-2024-36913