
CVE-2024-43856 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

dma: fix call order in dmam_free_coherent

dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list.

If this happens, there will be two entries in the devres list with the same vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match.

Fix by destroying the devres entry before freeing the DMA allocation.

kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03
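The call-order problem in the description can be reproduced deterministically in user space. The C model below is an added example, not kernel code and not taken from the referenced patches; the two-slot allocator, the `model_*` names, the newest-first list search and the fixed point at which task B runs (between task A's two calls) are assumptions of the model.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model (assumption): two-slot allocator and a devres-like list. */
struct dma_devres { void *vaddr; size_t size; };
static char slots[2][16];
static int busy[2], count, warned;
static struct dma_devres list[4];
static void *model_alloc(void) {               /* hands out the lowest free slot */
    for (int i = 0; i < 2; i++)
        if (!busy[i]) { busy[i] = 1; return slots[i]; }
    return NULL;
}
static void model_free(void *v) {              /* vaddr becomes reusable at once */
    for (int i = 0; i < 2; i++)
        if (v == (void *)slots[i]) busy[i] = 0;
}
static void *model_dmam_alloc(size_t size) {   /* allocate, then track the vaddr */
    void *v = model_alloc();
    list[count++] = (struct dma_devres){ v, size };
    return v;
}
static int model_devres_destroy(void *vaddr, size_t size) {
    for (int i = count - 1; i >= 0; i--) {     /* newest entry first (assumption) */
        if (list[i].vaddr != vaddr) continue;
        if (list[i].size != size) warned = 1;  /* stands in for the WARN_ON() */
        list[i] = list[--count];               /* drop the matched entry */
        return 0;
    }
    return -1;
}
/* Runs A's free with B allocating between A's two calls; returns the size
 * recorded in the entry that ends up tracking B's live 128-byte allocation. */
static size_t run(int fixed_order) {
    count = warned = 0; busy[0] = busy[1] = 0;
    void *a = model_dmam_alloc(64);
    if (fixed_order) model_devres_destroy(a, 64); else model_free(a);
    void *b = model_dmam_alloc(128);           /* concurrent task B */
    if (fixed_order) model_free(a); else model_devres_destroy(a, 64);
    for (int i = 0; i < count; i++)
        if (list[i].vaddr == b) return list[i].size;
    return 0;
}
int main(void) {
    size_t old = run(0); int w_old = warned;
    size_t fix = run(1); int w_fix = warned;
    printf("free-then-destroy: B tracked as %zu bytes, warned=%d\n", old, w_old);
    printf("destroy-then-free: B tracked as %zu bytes, warned=%d\n", fix, w_fix);
    return 0;
}
```

With the original order, task B's live allocation ends up tracked by task A's stale entry and the mismatch check fires; with the corrected order, task B cannot receive the same vaddr until A's entry is already gone.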


Metrics

CVSS 4.0 Severity and Vector Strings:

NIST: NVD
CVSS score: N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools


Hyperlink Resource
https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130 Patch 
https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e Patch 
https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7 Patch 
https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 Patch 
https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9 Patch 
https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954 Patch 
https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb Patch 
https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63 Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-770 Allocation of Resources Without Limits or Throttling NIST


Change History

3 change records found

Quick Info

CVE Dictionary Entry: CVE-2024-43856
NVD Published Date: 08/17/2024
NVD Last Modified: 08/22/2024
Source: kernel.org