RE: vmbus CVE-2024-36912 CVE-2024-36913
From: Michael Kelley
Date: Thu Apr 10 2025 - 15:27:13 EST
From: He Zhe <zhe.he@xxxxxxxxxxxxx> Sent: Wednesday, April 9, 2025 11:15 PM
>
> Hello,
>
> I'm investigating if v5.15 and earlier versions are vulnerable to the following CVEs. Could
> you please help confirm the following cases?
>
> For CVE-2024-36912, the suggested fix is 211f514ebf1e ("Drivers: hv: vmbus: Track
> decrypted status in vmbus_gpadl") according to https://www.cve.org/CVERecord?id=CVE-2024-36912.
> It seems 211f514ebf1e is based on d4dccf353db8 ("Drivers: hv: vmbus: Mark vmbus
> ring buffer visible to host in Isolation VM"), which was introduced in v5.16. For v5.15
> and earlier versions, the vmbus ring buffer hadn't been made visible to the host, so there's no
> need to backport 211f514ebf1e to those versions, right?
>
> For CVE-2024-36913, the suggested fix is 03f5a999adba ("Drivers: hv: vmbus: Leak
> pages if set_memory_encrypted() fails") according to https://www.cve.org/CVERecord?id=CVE-2024-36913.
> It seems 03f5a999adba is based on f2f136c05fb6 ("Drivers: hv: vmbus: Add SNP
> support for VMbus channel initiate message"), which was introduced in v5.16. For
> v5.15 and earlier versions, monitor pages hadn't been made visible to the host, so there's no
> need to backport 03f5a999adba to those versions, right?
>
I agree with your conclusions. The two CVEs you list are for Confidential Computing
virtual machines. Support for CoCo VMs (called "Isolation VMs" in commits
d4dccf353db8 and f2f136c05fb6) on Hyper-V was first added in Linux kernel
version 5.16. So the fixes for the CVEs don't need to be backported to any
versions earlier than 5.16.
Michael Kelley