CVE-2024-56719

MEDIUM EPSS 10.5%
Published Dec 29, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Dec 29, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data") moved the assignment of tx_skbuff_dma[]'s members to be later in stmmac_tso_xmit(). The buf (dma cookie) and len stored in this structure are passed to dma_unmap_single() by stmmac_tx_clean(). The DMA API requires that the dma cookie passed to dma_unmap_single() is the same as the value returned from dma_map_single(). However, by moving the assignment later, this is not the case when priv->dma_cap.addr64 > 32 as "des" is offset by proto_hdr_len. This causes problems such as: dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed and with DMA_API_DEBUG enabled: DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes] Fix this by maintaining "des" as the original DMA cookie, and use tso_des to pass the offset DMA cookie to stmmac_tso_allocator(). Full details of the crashes can be found at: https://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/ https://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥5.15.171  –  <5.16
linuxlinux_kernel*≥6.1.116  –  <6.2
linuxlinux_kernel*≥6.6.60  –  <6.6.68
linuxlinux_kernel*≥6.11.7  –  <6.12.7
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/05968b6dd0ffc65d7386608b11a11fb4fdfc9f36
  • git.kernel.org https://git.kernel.org/stable/c/4c49f38e20a57f8abaebdf95b369295b153d1f8e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6abcdc9a73274052a9e96a1926994ecf9aedad82
  • git.kernel.org https://git.kernel.org/stable/c/9d5dd7ccea1b46a9a7c6b3c2b9e5ed8864e185e2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db3667c9bbfbbf5de98e6c9542f7e03fb5243286
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/4c49f38e20a57f8abaebdf95b369295b153d1f8e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d5dd7ccea1b46a9a7c6b3c2b9e5ed8864e185e2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db3667c9bbfbbf5de98e6c9542f7e03fb5243286
    Patch