CVE-2024-36913: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues.

VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens.
AI Analysis
Technical Summary
CVE-2024-36913 is a high-severity vulnerability in the Linux kernel's Hyper-V (hv) VMBus driver, specifically in its handling of memory encryption state. It arises when set_memory_encrypted() or set_memory_decrypted() fails in a CoCo (Confidential Computing) virtual machine. These functions mark memory pages as encrypted or decrypted to ensure confidentiality and integrity of memory contents. If one of them fails, the VMBus driver may free pages that are still decrypted (shared) back to the page allocator, so memory that remains shared with the host can be handed out again for other uses. This can cause functional issues or security risks, such as unauthorized access to sensitive data in memory. The root cause is improper error handling in the VMBus code, which does not adequately handle failures of the encryption state change calls. The fix leaks the affected pages instead of freeing them.

The vulnerability is tracked under CWE-1258 (Improper Handling of Memory State Changes). The CVSS 3.1 score is 8.1 (high), reflecting the network attack vector, high impact on confidentiality, integrity, and availability, and no required privileges or user interaction. No known exploits are reported in the wild yet. The affected versions correspond to specific Linux kernel commits prior to the fix. This vulnerability is particularly relevant for environments running Linux kernels on Hyper-V platforms with Confidential Computing VMs, where memory encryption is critical to isolate workloads from untrusted hosts.
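The error-handling pattern described above, as an added user-space C model; it is not the kernel patch and not code from this page. Every name in it (model_set_memory_encrypted, release_unchecked, release_checked, run_scenario) is hypothetical, and the host-induced failure is simulated with a flag.

```c
/* User-space model, constructed for illustration; not kernel code, names hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#define NPAGES 4
/* shared: decrypted, visible to the host. on_freelist: returned to the allocator. */
struct page { bool shared, on_freelist; };
static struct page pool[NPAGES];
static bool host_forces_failure;   /* models the untrusted host making the call fail */

/* Stand-in for set_memory_encrypted(): on failure the page stays shared. */
static int model_set_memory_encrypted(struct page *p)
{
    if (host_forces_failure)
        return -1;
    p->shared = false;
    return 0;
}

/* Flawed pattern: result ignored, page freed in whatever state it is in. */
static void release_unchecked(struct page *p)
{
    (void)model_set_memory_encrypted(p);
    p->on_freelist = true;
}

/* Hardened pattern: if re-encryption fails, leak the page on purpose. */
static void release_checked(struct page *p)
{
    if (model_set_memory_encrypted(p) == 0)
        p->on_freelist = true;
}

/* Returns how many pages end up reusable while still shared with the host. */
int run_scenario(bool checked, bool fail)
{
    int exposed = 0;
    host_forces_failure = fail;
    for (int i = 0; i < NPAGES; i++) {
        pool[i] = (struct page){ .shared = true, .on_freelist = false };
        (checked ? release_checked : release_unchecked)(&pool[i]);
        exposed += pool[i].shared && pool[i].on_freelist;
    }
    return exposed;
}

int main(void)
{
    printf("exposed: unchecked=%d checked=%d\n", run_scenario(false, true), run_scenario(true, true));
    return 0;
}
```

The checked path trades a small, permanent loss of memory for the guarantee that no host-visible page is ever reused by the guest.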
Potential Impact
For European organizations, this vulnerability poses significant risks especially for cloud service providers, data centers, and enterprises using Linux-based virtualized environments on Microsoft Azure or other Hyper-V infrastructures supporting Confidential Computing. The leakage of decrypted memory pages could lead to exposure of sensitive data, including cryptographic keys, personal data, or intellectual property, violating GDPR and other data protection regulations. Integrity and availability impacts could also disrupt critical services relying on these VMs. Organizations in finance, healthcare, government, and critical infrastructure sectors are particularly at risk due to the sensitive nature of their workloads and regulatory requirements. The vulnerability could undermine trust in confidential computing solutions, slowing adoption of advanced security technologies. Although exploitation requires a malicious or compromised untrusted host controlling the hypervisor layer, the potential damage from data leakage and service disruption is substantial.
Mitigation Recommendations
Organizations should promptly apply the Linux kernel patches that address this vulnerability once available. Until patched, they should restrict deployment of CoCo VMs on untrusted or multi-tenant Hyper-V hosts. Monitoring and auditing of hypervisor and VM memory management logs can help detect anomalous behavior related to memory encryption failures. Implement strict access controls and isolation policies on the hypervisor to prevent unauthorized host-level code execution. For cloud providers, ensuring tenant isolation and integrity of the host environment is critical. Additionally, organizations should review their incident response plans to include scenarios involving memory leakage in confidential computing environments. Testing updates in staging environments before production deployment is advised to avoid service disruption. Finally, collaboration with Linux kernel maintainers and cloud vendors for timely updates and guidance is recommended.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-30T15:25:07.067Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe266b
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 7/3/2025, 12:54:30 AM
Last updated: 8/13/2025, 6:01:24 PM