CVE-2024-27066

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> virtio: packed: fix unmap leak for indirect desc table<br /> <br /> When use_dma_api and premapped are true, then the do_unmap is false.<br /> <br /> Because the do_unmap is false, vring_unmap_extra_packed is not called by<br /> detach_buf_packed.<br /> <br /> if (unlikely(vq-&gt;do_unmap)) {<br /> curr = id;<br /> for (i = 0; i num; i++) {<br /> vring_unmap_extra_packed(vq,<br /> &amp;vq-&gt;packed.desc_extra[curr]);<br /> curr = vq-&gt;packed.desc_extra[curr].next;<br /> }<br /> }<br /> <br /> So the indirect desc table is not unmapped. This causes the unmap leak.<br /> <br /> So here, we check vq-&gt;use_dma_api instead. Synchronously, dma info is<br /> updated based on use_dma_api judgment<br /> <br /> This bug does not occur, because no driver use the premapped with<br /> indirect.