CVE-2024-35791
Published: May 17, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region.

Note, the "obvious" alternative of using local variables doesn't fully resolve the bug, as region->pages is also dynamically allocated. I.e. the region structure itself would be fine, but region->pages could be freed.

Flushing multiple pages under kvm->lock is unfortunate, but the entire flow is a rare slow path, and the manual flush is only needed on CPUs that lack coherency for encrypted memory.
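The race described above, reduced to a single-threaded model (added example, not kernel code): `kvm->lock` is a flag, `kfree()` is replaced by a quarantine list so a use-after-free is counted instead of being undefined behaviour, and the "other task" is a hook that fires the moment the lock is dropped, standing in for a queued unregister. The three `register_region_*` functions show the pre-fix ordering (flush after unlock), the "obvious" local-variable alternative the commit message rejects, and the fixed ordering (flush while still holding the lock). All names and the page counts are assumptions made for the demonstration.

```c
/* Added model of the svm_register_enc_region() race; not Linux source. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Quarantine standing in for kfree(): pointers are recorded, never released,
 * so a later access can be detected with is_freed() instead of crashing. */
#define MAX_FREED 32
static const void *freed_ptrs[MAX_FREED];
static int nfreed;

static void reset_quarantine(void) { nfreed = 0; }
static void model_kfree(const void *p) { if (nfreed < MAX_FREED) freed_ptrs[nfreed++] = p; }
static bool is_freed(const void *p)
{
    for (int i = 0; i < nfreed; i++)
        if (freed_ptrs[i] == p)
            return true;
    return false;
}

struct enc_region {
    size_t npages;
    unsigned long *pages;   /* stands in for the separately allocated page array */
};

struct kvm_model {
    bool locked;                           /* kvm->lock */
    struct enc_region *region;             /* the one registered region in this model */
    void (*on_unlock)(struct kvm_model *); /* "other task" that runs when the lock drops */
};

static void kvm_lock(struct kvm_model *kvm) { kvm->locked = true; }
static void kvm_unlock(struct kvm_model *kvm)
{
    kvm->locked = false;
    if (kvm->on_unlock)
        kvm->on_unlock(kvm);
}

/* Mirrors __unregister_enc_region_locked(): frees the page array, then the region. */
static void unregister_enc_region_locked(struct kvm_model *kvm)
{
    struct enc_region *r = kvm->region;
    if (!kvm->locked || !r)
        return;
    model_kfree(r->pages);
    model_kfree(r);
    kvm->region = NULL;
}

/* Hypothetical racing task: takes the lock and unregisters as soon as it can. */
static void racing_unregister(struct kvm_model *kvm)
{
    kvm_lock(kvm);
    unregister_enc_region_locked(kvm);
    kvm->locked = false;   /* plain unlock; do not re-enter the hook */
}

/* Stand-in for the cache flush: one access per page into the array.
 * Returns how many of those accesses touched freed memory. */
static int flush_pages(const unsigned long *pages, size_t npages)
{
    int uaf = 0;
    for (size_t i = 0; i < npages; i++)
        uaf += is_freed(pages) ? 1 : 0;
    return uaf;
}

static struct enc_region *alloc_region(size_t npages)
{
    struct enc_region *r = calloc(1, sizeof *r);
    r->npages = npages;
    r->pages = calloc(npages, sizeof *r->pages);
    return r;
}

/* Pre-fix ordering: flush after kvm->lock is dropped. Returns UAF access count. */
int register_region_flush_after_unlock(struct kvm_model *kvm, size_t npages)
{
    struct enc_region *region = alloc_region(npages);
    kvm_lock(kvm);
    kvm->region = region;
    kvm_unlock(kvm);                            /* racer frees region and region->pages */
    int uaf = is_freed(region) ? 1 : 0;         /* reading region->pages is itself a UAF */
    return uaf + flush_pages(region->pages, region->npages);
}

/* "Obvious" alternative: copy the fields to locals before unlocking.
 * The region struct is no longer touched, but the page array is still freed. */
int register_region_local_copy(struct kvm_model *kvm, size_t npages)
{
    struct enc_region *region = alloc_region(npages);
    unsigned long *pages = region->pages;
    size_t n = region->npages;
    kvm_lock(kvm);
    kvm->region = region;
    kvm_unlock(kvm);
    return flush_pages(pages, n);
}

/* Fixed ordering: flush while still holding kvm->lock, then drop it. */
int register_region_flush_under_lock(struct kvm_model *kvm, size_t npages)
{
    struct enc_region *region = alloc_region(npages);
    kvm_lock(kvm);
    kvm->region = region;
    int uaf = flush_pages(region->pages, region->npages);
    kvm_unlock(kvm);
    return uaf;
}

int main(void)
{
    struct kvm_model kvm = { false, NULL, racing_unregister };
    reset_quarantine();
    printf("flush after unlock: %d UAF accesses\n", register_region_flush_after_unlock(&kvm, 4));
    reset_quarantine();
    printf("local copies:       %d UAF accesses\n", register_region_local_copy(&kvm, 4));
    reset_quarantine();
    printf("flush under lock:   %d UAF accesses\n", register_region_flush_under_lock(&kvm, 4));
    return 0;
}
```

The local-copy variant is the interesting one: holding `region->pages` in a local does nothing for safety because the pointer still refers to memory the unregister path frees, which is exactly why the fix moves the flush under the lock rather than copying fields out of the region.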
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 4f627ecde7329e476a077bb0590db8f27bb8f912 - < 2d13b79640b147bd77c34a5998533b2021a4122d |
| Linux | Linux | affected 19a23da53932bc8011220bd8c410cb76012de004 - < e126b508ed2e616d679d85fca2fbe77bb48bbdd7 |
| Linux | Linux | affected 19a23da53932bc8011220bd8c410cb76012de004 - < 4868c0ecdb6cfde7c70cf478c46e06bb9c7e5865 |
| Linux | Linux | affected 19a23da53932bc8011220bd8c410cb76012de004 - < 12f8e32a5a389a5d58afc67728c76e61beee1ad4 |
| Linux | Linux | affected 19a23da53932bc8011220bd8c410cb76012de004 - < f6d53d8a2617dd58c89171a6b9610c470ebda38a |
| Linux | Linux | +6 more versions |
| Linux | Linux | affected 5.11 |
| Linux | Linux | unaffected 0 - < 5.11 |
| Linux | Linux | unaffected 5.10.215 - <= 5.10.* |
| Linux | Linux | unaffected 5.15.154 - <= 5.15.* |
| Linux | Linux | unaffected 6.1.84 - <= 6.1.* |
| Linux | Linux | +3 more versions |