cvelistv5 - cve-2024-36909

cve-2024-36909

Vulnerability from cvelistv5

Published

2024-05-30 15:29

Modified

2024-08-02 03:43

Severity

Summary

Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted

References

Source	URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T18:33:37.652556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T15:25:16.529Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hv/channel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2f622008bf78",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "82f9e213b124",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "a9212a4e2963",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "30d18df6567b",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hv/channel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t free ring buffers that couldn\u0027t be re-encrypted\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus ring buffer code could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the struct\nvmbus_gpadl for the ring buffers to decide whether to free the memory."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-30T15:29:08.339Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039"
        },
        {
          "url": "https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb"
        },
        {
          "url": "https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48"
        }
      ],
      "title": "Drivers: hv: vmbus: Don\u0027t free ring buffers that couldn\u0027t be re-encrypted",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36909",
    "datePublished": "2024-05-30T15:29:08.339Z",
    "dateReserved": "2024-05-30T15:25:07.067Z",
    "dateUpdated": "2024-08-02T03:43:50.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36909\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-30T16:15:14.380\",\"lastModified\":\"2024-05-30T18:18:58.870\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nDrivers: hv: vmbus: Don\u0027t free ring buffers that couldn\u0027t be re-encrypted\\n\\nIn CoCo VMs it is possible for the untrusted host to cause\\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\\nerror is returned and the resulting memory is shared. Callers need to\\ntake care to handle these errors to avoid returning decrypted (shared)\\nmemory to the page allocator, which could lead to functional or security\\nissues.\\n\\nThe VMBus ring buffer code could free decrypted/shared pages if\\nset_memory_decrypted() fails. Check the decrypted field in the struct\\nvmbus_gpadl for the ring buffers to decide whether to free the memory.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Controladores: hv: vmbus: no liberar b\u00faferes de anillo que no se pudieron volver a cifrar. En las m\u00e1quinas virtuales CoCo, es posible que el host que no es de confianza cause set_memory_encrypted() o set_memory_decrypted( ) falle de modo que se devuelva un error y se comparta la memoria resultante. Las personas que llaman deben tener cuidado al manejar estos errores para evitar devolver memoria descifrada (compartida) al asignador de p\u00e1ginas, lo que podr\u00eda provocar problemas funcionales o de seguridad. El c\u00f3digo del buffer circular de VMBus podr\u00eda liberar p\u00e1ginas descifradas/compartidas si falla set_memory_decrypted(). Verifique el campo descifrado en la estructura vmbus_gpadl para ver los b\u00faferes en anillo para decidir si liberar la memoria.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

wid-sec-w-2024-1259

Vulnerability from csaf_certbund

Published

2024-05-30 22:00

Modified

2024-07-24 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifischen Atatck

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux