CVE-2024-36912

8.1 HIGH

📋 TL;DR

A vulnerability in the Linux kernel's Hyper-V vmbus driver could allow an untrusted host to cause memory decryption failures in Confidential Computing (CoCo) virtual machines, potentially leaving sensitive memory pages exposed. This affects Linux systems running as CoCo VMs on Hyper-V platforms. An attacker controlling the host could use this to access decrypted/shared guest memory that should remain encrypted.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches available for stable kernel branches
Operating Systems: Linux distributions using affected kernel versions with Hyper-V vmbus driver
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems running as Confidential Computing (CoCo) VMs on Microsoft Hyper-V with the vmbus driver enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴 Worst Case

An untrusted host could access sensitive encrypted memory contents, potentially exposing credentials, encryption keys, or other protected data from the guest VM.

🟠 Likely Case

Memory corruption or information disclosure where the host gains access to portions of guest VM memory that should remain encrypted.

🟢 If Mitigated

With proper memory isolation and encryption controls, the impact is limited to potential denial of service or minor information leaks.

🌐 Internet-Facing: LOW - This requires access to the hypervisor/host layer, not direct internet exposure.
🏢 Internal Only: HIGH - In virtualized environments, compromised or malicious hypervisor administrators could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires hypervisor-level access and specific CoCo VM configuration

Exploitation requires the attacker to control or compromise the hypervisor hosting the CoCo VM.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel branches (commits referenced in CVE)

Vendor Advisory: https://git.kernel.org/stable/c/1999644d95194d4a58d3e80ad04ce19220a01a81

Restart Required: Yes

Instructions:

  1. Update the Linux kernel to a patched version.
  2. Reboot the system.
  3. Verify the running kernel version matches the patched release.

🔧 Temporary Workarounds

Disable Hyper-V integration (platform: linux)

Remove or disable the Hyper-V vmbus driver if it is not required. Note that the synthetic storage and network drivers (hv_storvsc, hv_netvsc) depend on hv_vmbus, so this is only workable on guests that do not rely on them.

    modprobe -r hv_vmbus
    echo 'blacklist hv_vmbus' >> /etc/modprobe.d/blacklist.conf

Avoid CoCo VM deployment (platform: all)

Do not deploy as a Confidential Computing VM on Hyper-V.

🧯 If You Can't Patch

  • Isolate affected VMs from sensitive workloads and data
  • Implement strict access controls for hypervisor administration

🔍 How to Verify

Check if Vulnerable:

Check whether the system is running as a CoCo VM on Hyper-V with a kernel version from before the patches: run 'uname -r' to get the kernel version, and 'lsmod | grep hv_' to confirm that the Hyper-V modules are loaded.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel version is a patched release and, if building from source, check that the vmbus_gpadl structure updates from the fix commit are present in the kernel source.

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing memory encryption/decryption errors
  • Hyper-V event logs showing abnormal memory operations

Network Indicators:

  • Unusual hypervisor-to-guest communication patterns

SIEM Query:

source="kernel" AND ("set_memory_encrypted" OR "set_memory_decrypted" OR "vmbus_gpadl") AND error
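The two checks above (confirming hv_vmbus is loaded under "How to Verify", and scanning kernel logs for the memory-encryption error indicators listed under "Detection & Monitoring") as one added shell example. This is not code from the CVE entry or the kernel; the lsmod listing and dmesg lines it runs on are constructed samples, and real kernel messages will differ in wording.

```shell
#!/bin/sh
# Added example for this advisory (not code from the CVE entry or the kernel):
# two checks a defender can run on a Linux guest, fed here with constructed
# sample data so the script runs offline.

# hv_loaded: read `lsmod` output on stdin; exit 0 if hv_vmbus is loaded, 1 otherwise.
# The first lsmod line is the column header, so it is skipped.
hv_loaded() {
    awk 'NR > 1 && $1 == "hv_vmbus" { found = 1 } END { exit (found ? 0 : 1) }'
}

# scan_memlog: read kernel log text on stdin and print the number of lines that
# name one of the memory-encryption helpers from the advisory's SIEM query
# together with an error/fail keyword (case-insensitive). Prints 0 when none.
scan_memlog() {
    grep -Ei 'set_memory_encrypted|set_memory_decrypted|vmbus_gpadl' \
        | grep -Eic 'error|fail' || true
}

# Constructed sample inputs (NOT real captures): an lsmod listing from a Hyper-V
# guest and a few kernel log lines in dmesg style.
SAMPLE_LSMOD='Module                  Size  Used by
hv_netvsc              98304  0
hv_vmbus              163840  3 hv_netvsc,hv_storvsc,hv_utils'

SAMPLE_DMESG='[   12.345678] hv_vmbus: Vmbus version:5.3
[   13.000001] hv_vmbus: set_memory_decrypted failed for GPADL buffer, ret -5
[   13.000002] vmbus_gpadl: error during teardown, leaving buffer shared with host
[   14.000000] hv_netvsc: VF slot 1 added'

# demo: run both checks on the samples; on a live guest pipe `lsmod` and
# `dmesg` (or `journalctl -k`) into the functions instead.
demo() {
    if printf '%s\n' "$SAMPLE_LSMOD" | hv_loaded; then
        echo "hv_vmbus is loaded: guest uses Hyper-V VMBus, review patch status"
    else
        echo "hv_vmbus not loaded"
    fi
    echo "suspicious memory-encryption log lines: $(printf '%s\n' "$SAMPLE_DMESG" | scan_memlog)"
}

demo
```

On a real guest, replace the sample variables with `lsmod | hv_loaded` and `dmesg | scan_memlog`; a non-zero count is a prompt to review the guest's patch status, not proof of exploitation, since the same helpers can also fail for benign reasons.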
