Lucene search

LinuxCVE-2024-43856

HistoryAug 17, 2024 - 10:15 a.m.

CVE-2024-43856

2024-08-1710:15:10

CWE-770

Linux

web.nvd.nist.gov

linux kernel

vulnerability

cve-2024-43856

dmam_free_coherent

call order

dma allocation

devres_destroy

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

dma: fix call order in dmam_free_coherent

dmam_free_coherent() frees a DMA allocation, which makes the
freed vaddr available for reuse, then calls devres_destroy()
to remove and free the data structure used to track the DMA
allocation. Between the two calls, it is possible for a
concurrent task to make an allocation with the same vaddr
and add it to the devres list.

If this happens, there will be two entries in the devres list
with the same vaddr and devres_destroy() can free the wrong
entry, triggering the WARN_ON() in dmam_match.

Fix by destroying the devres entry before freeing the DMA
allocation.

kokonut //net/encryption
http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange2.6.21–4.19.320

linuxlinux_kernelRange4.20–5.4.282

linuxlinux_kernelRange5.5–5.10.224

linuxlinux_kernelRange5.11–5.15.165

linuxlinux_kernelRange5.16–6.1.103

linuxlinux_kernelRange6.2–6.6.44

linuxlinux_kernelRange6.7–6.10.3

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/dma/mapping.c"
    ],
    "versions": [
      {
        "version": "9ac7849e35f7",
        "lessThan": "fe2d246080f0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9ac7849e35f7",
        "lessThan": "2f7bbdc744f2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9ac7849e35f7",
        "lessThan": "257193083e8f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9ac7849e35f7",
        "lessThan": "87b34c8c94e2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9ac7849e35f7",
        "lessThan": "f993a4baf6b6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9ac7849e35f7",
        "lessThan": "1fe97f68fce1",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9ac7849e35f7",
        "lessThan": "22094f5f52e7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9ac7849e35f7",
        "lessThan": "28e8b7406d3a",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/dma/mapping.c"
    ],
    "versions": [
      {
        "version": "2.6.21",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "2.6.21",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.320",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.282",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.224",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.165",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.103",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.44",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.3",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]