{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-36910","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-30T15:25:07.067Z","datePublished":"2024-05-30T15:29:08.902Z","dateUpdated":"2026-01-05T10:36:14.618Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:36:14.618Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Don't free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus device UIO driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/uio/uio_hv_generic.c"],"versions":[{"version":"d4dccf353db80e209f262e3973c834e6e48ba9a9","lessThan":"dabf12bf994318d939f70d47cfda30e47abb2c54","status":"affected","versionType":"git"},{"version":"d4dccf353db80e209f262e3973c834e6e48ba9a9","lessThan":"6466a0f6d235c8a18c602cb587160d7e49876db9","status":"affected","versionType":"git"},{"version":"d4dccf353db80e209f262e3973c834e6e48ba9a9","lessThan":"fe2c58602354fbd60680dc42ac3a0b772cda7d23","status":"affected","versionType":"git"},{"version":"d4dccf353db80e209f262e3973c834e6e48ba9a9","lessThan":"3d788b2fbe6a1a1a9e3db09742b90809d51638b7","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/uio/uio_hv_generic.c"],"versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","status":"unaffected","versionType":"semver"},{"version":"6.1.91","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.31","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.10","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.91"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.6.31"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.8.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54"},{"url":"https://git.kernel.org/stable/c/6466a0f6d235c8a18c602cb587160d7e49876db9"},{"url":"https://git.kernel.org/stable/c/fe2c58602354fbd60680dc42ac3a0b772cda7d23"},{"url":"https://git.kernel.org/stable/c/3d788b2fbe6a1a1a9e3db09742b90809d51638b7"}],"title":"uio_hv_generic: Don't free decrypted memory","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.2,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2024-36910","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-31T15:18:50.996659Z"}}}],"affected":[{"cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"1da177e4c3f4","lessThan":"dabf12bf9943","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"1da177e4c3f4","lessThan":"6466a0f6d235","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"1da177e4c3f4","lessThan":"fe2c58602354","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"1da177e4c3f4","lessThan":"3d788b2fbe6a","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"6.1.91","versionType":"custom","lessThanOrEqual":"6.1.*"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"6.6.31","versionType":"custom","lessThanOrEqual":"6.6.*"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"6.8.10","versionType":"custom","lessThanOrEqual":"6.8.*"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"6.9"}],"defaultStatus":"unknown"}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-200","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:47:42.590Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:43:50.063Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6466a0f6d235c8a18c602cb587160d7e49876db9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fe2c58602354fbd60680dc42ac3a0b772cda7d23","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3d788b2fbe6a1a1a9e3db09742b90809d51638b7","tags":["x_transferred"]}]}]}}