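Vulnerability title
dma-direct: Leak pages on dma_set_decrypted() failure
Vulnerability description
In the Linux kernel, the following vulnerability has been resolved:
dma-direct: Leak pages on dma_set_decrypted() failure
On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues.
If dma_set_decrypted() fails, DMA could free decrypted/shared pages. This should be a rare case. In this case, just leak the pages instead of freeing them.
CVSS information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability category
Improper release of memory when removing the last reference (memory leak)
Vulnerability title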
dma-direct: Leak pages on dma_set_decrypted() failure
Vulnerability description
In the Linux kernel, the following vulnerability has been resolved:
dma-direct: Leak pages on dma_set_decrypted() failure
On TDX it is possible for the untrusted host to cause
set_memory_encrypted() or set_memory_decrypted() to fail such that an
error is returned and the resulting memory is shared. Callers need to
take care to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional or security
issues.
DMA could free decrypted/shared pages if dma_set_decrypted() fails. This
should be a rare case. Just leak the pages in this case instead of
freeing them.
CVSS information
N/A
Vulnerability category
N/A
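Vulnerability title
Linux kernel security vulnerability
Vulnerability description
Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). Linux kernel has a security vulnerability that stems from pages being leaked when the dma_set_decrypted function fails.
CVSS information
N/A
Vulnerability category
Other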
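The failure mode and fix described in the records above, as an added user-space model that is not kernel code and not part of the original records. The pool, `model_set_decrypted()`, `dma_alloc()` and the `fix` flag are hypothetical stand-ins; the only behaviour taken from the description is that the conversion can return an error while leaving the memory shared.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed user-space model: a tiny pool stands in for the page allocator. */
#define NPAGES 4
struct page { bool shared, in_use; };
struct pool { struct page pages[NPAGES]; bool host_fails; int leaked; };

/* Hands out the first free page; ordinary callers assume it is private. */
static struct page *pool_alloc(struct pool *p)
{
    for (size_t i = 0; i < NPAGES; i++)
        if (!p->pages[i].in_use) {
            p->pages[i].in_use = true;
            return &p->pages[i];
        }
    return NULL;
}
/* Hypothetical stand-in for dma_set_decrypted(): the host can force an error
 * return while the page is nevertheless left shared. */
static int model_set_decrypted(struct pool *p, struct page *pg)
{
    pg->shared = true;
    return p->host_fails ? -1 : 0;
}
/* fix == false: the error path frees the shared page. fix == true: it is leaked. */
static struct page *dma_alloc(struct pool *p, bool fix)
{
    struct page *pg = pool_alloc(p);
    if (pg && model_set_decrypted(p, pg)) {
        if (fix) p->leaked++; else pg->in_use = false;
        return NULL;
    }
    return pg;
}
/* After a failed DMA allocation, does the next ordinary allocation get a shared page? */
static bool next_alloc_is_shared(bool host_fails, bool fix, int *leaked)
{
    struct pool p = { .host_fails = host_fails };
    struct page *dma = dma_alloc(&p, fix);
    struct page *next = pool_alloc(&p);
    *leaked = p.leaked;
    return dma == NULL && next && next->shared;
}
int main(void)
{
    int n;
    return !(next_alloc_is_shared(true, false, &n) && !next_alloc_is_shared(true, true, &n));
}
```

The leaked page costs memory but can never be handed to a caller that expects private memory, which is the trade-off the fix accepts for what the description calls a rare case.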