CVE-2024-43856

In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list. If this happens, there will be two entries in the devres list with the same vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match. Fix by destroying the devres entry before freeing the DMA allocation. kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

22 Aug 2024, 17:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CWE CWE-770
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
References () https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130 - () https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130 - Patch
References () https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e - () https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e - Patch
References () https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7 - () https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7 - Patch
References () https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 - () https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 - Patch
References () https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9 - () https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9 - Patch
References () https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954 - () https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954 - Patch
References () https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb - () https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb - Patch
References () https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63 - () https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63 - Patch

19 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: dma: corrige el orden de llamadas en dmam_free_coherent dmam_free_coherent() libera una asignación de DMA, lo que hace que el vaddr liberado esté disponible para su reutilización, luego llama a devres_destroy() para eliminar y liberar la estructura de datos utilizada para realizar un seguimiento de la asignación de DMA. Entre las dos llamadas, es posible que una tarea simultánea realice una asignación con el mismo vaddr y lo agregue a la lista de devres. Si esto sucede, habrá dos entradas en la lista devres con el mismo vaddr y devres_destroy() puede liberar la entrada incorrecta, activando WARN_ON() en dmam_match. Para solucionarlo, destruya la entrada devres antes de liberar la asignación de DMA. kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03

19 Aug 2024, 05:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7 -
  • () https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9 -
  • () https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954 -
  • () https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63 -

17 Aug 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-17 10:15

Updated : 2024-08-22 17:57


NVD link : CVE-2024-43856

Mitre link : CVE-2024-43856

CVE.ORG link : CVE-2024-43856


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-770

Allocation of Resources Without Limits or Throttling