Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-27066
HistoryMay 01, 2024 - 12:00 a.m.

CVE-2024-27066

2024-05-0100:00:00
ubuntu.com
ubuntu.com
9
linux kernel
virtio
packed vulnerability
unmap leak
indirect desc table
use_dma_api
premapped

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

15.5%

In the Linux kernel, the following vulnerability has been resolved: virtio:
packed: fix unmap leak for indirect desc table When use_dma_api and
premapped are true, then the do_unmap is false. Because the do_unmap is
false, vring_unmap_extra_packed is not called by detach_buf_packed. if
(unlikely(vq->do_unmap)) { curr = id; for (i = 0; i < state->num; i++) {
vring_unmap_extra_packed(vq, &vq->packed.desc_extra[curr]); curr =
vq->packed.desc_extra[curr].next; } } So the indirect desc table is not
unmapped. This causes the unmap leak. So here, we check vq->use_dma_api
instead. Synchronously, dma info is updated based on use_dma_api judgment
This bug does not occur, because no driver use the premapped with indirect.

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

15.5%