CVE-2024-36913 in Linuxinfo

Summary

by MITRE • 05/30/2024

In the Linux kernel, the following vulnerability has been resolved:

Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues.

VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 08/05/2025

The vulnerability identified as CVE-2024-36913 represents a critical memory management flaw within the Linux kernel's Hyper-V VMBus driver implementation. This issue specifically affects Confidential Computing (CoCo) virtual machines where the hypervisor operates in an untrusted environment, creating a scenario where malicious or compromised host systems can manipulate memory encryption states. The vulnerability stems from inadequate error handling in the memory encryption/decryption functions, particularly set_memory_encrypted() and set_memory_decrypted(), which are fundamental to maintaining memory confidentiality in secure virtualized environments. When these functions return error codes indicating failure, the existing code path fails to properly account for the memory state, leading to potential security and functional consequences.

The technical flaw manifests in the VMBus driver's handling of memory encryption operations within CoCo VMs, where the system encounters scenarios where set_memory_encrypted() or set_memory_decrypted() operations fail due to host interference or system constraints. In normal operation, these functions should successfully transition memory pages between encrypted and decrypted states, but when they fail, the driver's error handling mechanism becomes inadequate. The existing implementation attempts to free decrypted pages when encryption/decryption operations fail, but this approach is flawed because it doesn't properly account for the memory state, potentially leaving pages in an inconsistent state. This creates a memory leak scenario where pages are not properly returned to the system's memory pool, while simultaneously potentially exposing decrypted memory to the page allocator.

The operational impact of this vulnerability extends beyond simple resource exhaustion to encompass significant security implications within virtualized environments. When the memory encryption functions fail and pages are leaked rather than properly handled, the system may inadvertently expose previously decrypted memory to the page allocator, creating potential information leakage channels. This represents a direct violation of memory confidentiality principles that are fundamental to Confidential Computing environments, where the integrity and secrecy of memory contents must be maintained even in the presence of untrusted host environments. The vulnerability creates a pathway for potential data exposure where sensitive information could be inadvertently shared through the page allocator, compromising the security model that CoCo VMs are designed to provide.

Mitigation strategies for this vulnerability require careful consideration of both immediate patch application and long-term architectural improvements to the memory management subsystem. The primary fix involves modifying the VMBus driver code to properly handle error conditions in set_memory_encrypted() and set_memory_decrypted() operations by ensuring that when these functions fail, the system leaks the pages rather than attempting to free them, preventing them from being returned to the page allocator in an inconsistent state. This approach aligns with common security practices for memory management in virtualized environments and addresses the root cause by preventing the propagation of potentially compromised memory states. Organizations should prioritize patching affected systems and implementing monitoring for anomalous memory allocation patterns that might indicate the vulnerability's exploitation. The fix also demonstrates the importance of proper error handling in security-critical code paths, particularly in virtualization environments where the boundary between trusted and untrusted components must be carefully maintained. This vulnerability highlights the necessity of robust error handling in Confidential Computing implementations and serves as a reminder of the complex security considerations inherent in virtualized memory management systems. The issue relates to CWE-459, which addresses incomplete cleanup and CWE-755, concerning improper handling of exceptional conditions, while also aligning with ATT&CK techniques related to privilege escalation and information disclosure through memory manipulation.

Sources

Interested in the pricing of exploits?

See the underground prices here!