{ "threat_severity" : "Moderate", "public_date" : "2024-08-17T00:00:00Z", "bugzilla" : { "description" : "kernel: dma: fix call order in dmam_free_coherent", "id" : "2305514", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2305514" }, "cvss3" : { "cvss3_base_score" : "4.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-362", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndma: fix call order in dmam_free_coherent\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\nFix by destroying the devres entry before freeing the DMA\nallocation.\nkokonut //net/encryption\nhttp://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03", "A vulnerability was found in the Linux kernel's dma subsystem in the dmam_free_coherent() function where a race condition is possible between the calls to dmam_free_coherent() and devres_destroy() leading to a double entry in the devres list. This flaw could potentially lead to memory corruption or unexpected behavior." ], "statement" : "Red Hat believes this vulnerability to be of moderate impact because elevated privileges are required to trigger this vulnerability, seeing as DMA is low-level memory management operation typically limited to kernel-mode operations, and drivers often need elevated privileges to interact with hardware.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-43856\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43856\nhttps://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T" ], "name" : "CVE-2024-43856", "csaw" : false }