Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2024-46852
HistorySep 27, 2024 - 1:15 p.m.

CVE-2024-46852

2024-09-2713:15:16
Linux
web.nvd.nist.gov
2

AI Score

6.8

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved:

dma-buf: heaps: Fix off-by-one in CMA heap fault handler

Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 (“dma-buf: heaps:
Don’t track CMA dma-buf pages under RssFile”) it was possible to obtain
a mapping larger than the buffer size via mremap and bypass the overflow
check in dma_buf_mmap_internal. When using such a mapping to attempt to
fault past the end of the buffer, the CMA heap fault handler also checks
the fault offset against the buffer size, but gets the boundary wrong by

  1. Fix the boundary check so that we don’t read off the end of the pages
    array and insert an arbitrary page in the mapping.

Affected configurations

Vulners
Node
linuxlinux_kernelRange5.116.1.111
OR
linuxlinux_kernelRange6.2.06.6.52
OR
linuxlinux_kernelRange6.7.06.10.11
OR
linuxlinux_kernelRange6.11.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/dma-buf/heaps/cma_heap.c"
    ],
    "versions": [
      {
        "version": "a5d2d29e24be",
        "lessThan": "84175dc5b2c9",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a5d2d29e24be",
        "lessThan": "eb7fc8b65cea",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a5d2d29e24be",
        "lessThan": "e79050882b85",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a5d2d29e24be",
        "lessThan": "ea5ff5d351b5",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/dma-buf/heaps/cma_heap.c"
    ],
    "versions": [
      {
        "version": "5.11",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.11",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.111",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.52",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.11",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
debiancve 1
cvelist
cvelist
CVE-2024-46852 dma-buf: heaps: Fix off-by-one in CMA heap fault handler
2024-09-27 12:42:45
nvd
nvd
CVE-2024-46852
2024-09-27 13:15:16
debiancve
debiancve
CVE-2024-46852
2024-09-27 13:15:16

AI Score

6.8

Confidence

High

JSON
Related for CVE-2024-46852
cvelist1nvd1debiancve1