CVE-2024-35791

EPSS 0.03%
Veröffentlicht 17.05.2024 13:15:58
Zuletzt bearbeitet 23.12.2025 18:45:58
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before
dropping kvm->lock to fix use-after-free issues where region and/or its
array of pages could be freed by a different task, e.g. if userspace has
__unregister_enc_region_locked() already queued up for the region.

Note, the "obvious" alternative of using local variables doesn't fully
resolve the bug, as region->pages is also dynamically allocated.  I.e. the
region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire
flow is a rare slow path, and the manual flush is only needed on CPUs that
lack coherency for encrypted memory.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.19.176 < 4.20

Linux ≫ Linux Kernel Version >= 5.4.98 < 5.5

Linux ≫ Linux Kernel Version >= 5.10.15 < 5.10.215

Linux ≫ Linux Kernel Version >= 5.11.1 < 5.15.154

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.84

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.24

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.12

Linux ≫ Linux Kernel Version5.11 Update-

Linux ≫ Linux Kernel Version5.11 Updaterc7

Linux ≫ Linux Kernel Version6.8 Updaterc1

Linux ≫ Linux Kernel Version6.8 Updaterc2

Linux ≫ Linux Kernel Version6.8 Updaterc3

Linux ≫ Linux Kernel Version6.8 Updaterc4

Linux ≫ Linux Kernel Version6.8 Updaterc5

Linux ≫ Linux Kernel Version6.8 Updaterc6

Linux ≫ Linux Kernel Version6.8 Updaterc7

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.072

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Third Party Advisory

https://git.kernel.org/stable/c/12f8e32a5a389a5d58afc67728c76e61beee1ad4

Patch

https://git.kernel.org/stable/c/2d13b79640b147bd77c34a5998533b2021a4122d

Patch

https://git.kernel.org/stable/c/4868c0ecdb6cfde7c70cf478c46e06bb9c7e5865

Patch

https://git.kernel.org/stable/c/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807

Patch

https://git.kernel.org/stable/c/e126b508ed2e616d679d85fca2fbe77bb48bbdd7

Patch