CVE-2024-36912

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl<br /> <br /> In CoCo VMs it is possible for the untrusted host to cause<br /> set_memory_encrypted() or set_memory_decrypted() to fail such that an<br /> error is returned and the resulting memory is shared. Callers need to<br /> take care to handle these errors to avoid returning decrypted (shared)<br /> memory to the page allocator, which could lead to functional or security<br /> issues.<br /> <br /> In order to make sure callers of vmbus_establish_gpadl() and<br /> vmbus_teardown_gpadl() don&amp;#39;t return decrypted/shared pages to<br /> allocators, add a field in struct vmbus_gpadl to keep track of the<br /> decryption status of the buffers. This will allow the callers to<br /> know if they should free or leak the pages.