CVE-2024-43856
Severity:
MEDIUM
Type:
Unavailable / Other
Publication date:
17/08/2024
Last modified:
22/08/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
dma: fix call order in dmam_free_coherent<br />
<br />
dmam_free_coherent() frees a DMA allocation, which makes the<br />
freed vaddr available for reuse, then calls devres_destroy()<br />
to remove and free the data structure used to track the DMA<br />
allocation. Between the two calls, it is possible for a<br />
concurrent task to make an allocation with the same vaddr<br />
and add it to the devres list.<br />
<br />
If this happens, there will be two entries in the devres list<br />
with the same vaddr and devres_destroy() can free the wrong<br />
entry, triggering the WARN_ON() in dmam_match.<br />
<br />
Fix by destroying the devres entry before freeing the DMA<br />
allocation.<br />
<br />
kokonut //net/encryption<br />
http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.21 (including) | 4.19.320 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.282 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.224 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.165 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.103 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.44 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130
- https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e
- https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7
- https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20
- https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9
- https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954
- https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb
- https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63