Linux Kernel TDX Guest Decrypted Memory Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of decrypted memory in TDX guest virtual machines has been addressed. In confidential-computing (CoCo) VMs, an untrusted host can cause the 'set_memory_decrypted()' function to fail while leaving the memory decrypted and shared with the host. Because the error was not handled correctly, such decrypted memory could be returned to the page allocator, where a later allocation could reuse it for private data, potentially causing functional or security problems. The fix handles this by deliberately leaking the decrypted memory when 'set_memory_decrypted()' fails, without printing an additional error, since 'set_memory_decrypted()' already calls 'WARN_ONCE()'.
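
The free-versus-leak decision described above, as an added example that is not the kernel's own code: a user-space model of a small page allocator, a stand-in 'fake_set_memory_decrypted()' whose failure the "host" can trigger, and the two caller shapes side by side, the one that frees on failure (the pattern the fix removes) and the one that leaks on failure (the pattern the fix adopts). The pool helpers, 'host_breaks_conversion' and 'reset_pool()' are all constructed for this example and stand in for kernel internals.

```c
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SIZE 4096
#define POOL_PAGES 4

/* Constructed stand-in for the page allocator: in_use[] is the allocator's
 * view, shared[] records whether the host can currently see the page. */
static unsigned char pool[POOL_PAGES][PAGE_SIZE];
static bool in_use[POOL_PAGES], shared[POOL_PAGES];
/* Hypothetical knob standing in for the untrusted host's behaviour. */
static bool host_breaks_conversion;

static int page_index(const void *p)
{
    return (int)(((const unsigned char *)p - &pool[0][0]) / PAGE_SIZE);
}

static void *alloc_page(void)
{
    for (int i = 0; i < POOL_PAGES; i++)
        if (!in_use[i]) { in_use[i] = true; return pool[i]; }
    return NULL;
}

/* A freed page may be handed to any later allocation, which is exactly
 * what must not happen while the host can still see its contents. */
static void free_page(void *p) { in_use[page_index(p)] = false; }

/* Models set_memory_decrypted(): the page becomes visible to the host, then
 * the host can make the remaining steps fail so an error is returned even
 * though the page is already shared. The real function emits WARN_ONCE()
 * here, which is why callers add no error print of their own. */
static int fake_set_memory_decrypted(void *p)
{
    shared[page_index(p)] = true;
    return host_breaks_conversion ? -1 : 0;
}

/* BEFORE (the pattern the fix removes): free on failure. */
void *alloc_shared_buf_buggy(void)
{
    void *p = alloc_page();
    if (p && fake_set_memory_decrypted(p)) {
        free_page(p); /* BUG: shared memory goes back to the allocator */
        return NULL;
    }
    return p;
}

/* AFTER: leak on failure. The page stays in_use for the guest's lifetime. */
void *alloc_shared_buf_fixed(void)
{
    void *p = alloc_page();
    if (p && fake_set_memory_decrypted(p))
        return NULL; /* deliberately leaked; already WARN_ONCE()d */
    return p;
}

/* Defender's check: pages visible to the host that sit on the free list. */
int shared_pages_on_free_list(void)
{
    int n = 0;
    for (int i = 0; i < POOL_PAGES; i++)
        n += shared[i] && !in_use[i];
    return n;
}

int pages_in_use(void)
{
    int n = 0;
    for (int i = 0; i < POOL_PAGES; i++)
        n += in_use[i];
    return n;
}

void reset_pool(bool host_breaks)
{
    for (int i = 0; i < POOL_PAGES; i++)
        in_use[i] = shared[i] = false;
    host_breaks_conversion = host_breaks;
}

int main(void)
{
    reset_pool(true);
    alloc_shared_buf_buggy();
    printf("buggy: %d shared page(s) on free list\n", shared_pages_on_free_list());
    reset_pool(true);
    alloc_shared_buf_fixed();
    printf("fixed: %d shared page(s) on free list, %d leaked\n",
           shared_pages_on_free_list(), pages_in_use());
    return 0;
}
```

With the host-induced failure enabled, the buggy caller leaves one host-visible page on the free list, while the fixed caller leaves none and instead keeps one page permanently allocated. That is the trade-off the fix makes: a rare, host-triggered failure costs a page of memory rather than risking that a shared page is recycled for private guest data.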

Impact

The vulnerability could lead to decrypted (host-visible) memory being returned to the page allocator and reused for private guest data, which may cause functional or security issues.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.5
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.