{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43856", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-17T09:11:59.278Z", "datePublished": "2024-08-17T09:24:26.560Z", "dateUpdated": "2024-11-05T09:41:13.703Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:41:13.703Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/dma/mapping.c"], "versions": [{"version": "9ac7849e35f7", "lessThan": "fe2d246080f0", "status": "affected", "versionType": "git"}, {"version": "9ac7849e35f7", "lessThan": "2f7bbdc744f2", "status": "affected", "versionType": "git"}, {"version": "9ac7849e35f7", "lessThan": "257193083e8f", "status": "affected", "versionType": "git"}, {"version": "9ac7849e35f7", "lessThan": "87b34c8c94e2", "status": "affected", "versionType": "git"}, {"version": "9ac7849e35f7", "lessThan": "f993a4baf6b6", "status": "affected", "versionType": "git"}, {"version": "9ac7849e35f7", "lessThan": "1fe97f68fce1", "status": "affected", "versionType": "git"}, {"version": "9ac7849e35f7", "lessThan": "22094f5f52e7", "status": "affected", "versionType": "git"}, {"version": "9ac7849e35f7", "lessThan": "28e8b7406d3a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/dma/mapping.c"], "versions": [{"version": "2.6.21", "status": "affected"}, {"version": "0", "lessThan": "2.6.21", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.320", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.282", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.224", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.103", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63"}, {"url": "https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9"}, {"url": "https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7"}, {"url": "https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954"}, {"url": "https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb"}, {"url": "https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130"}, {"url": "https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e"}, {"url": "https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20"}], "title": "dma: fix call order in dmam_free_coherent", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43856", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:07:08.178694Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:20.523Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43856", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:07:08.178694Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.874Z"}}], "cna": {"title": "dma: fix call order in dmam_free_coherent", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9ac7849e35f7", "lessThan": "fe2d246080f0", "versionType": "git"}, {"status": "affected", "version": "9ac7849e35f7", "lessThan": "2f7bbdc744f2", "versionType": "git"}, {"status": "affected", "version": "9ac7849e35f7", "lessThan": "257193083e8f", "versionType": "git"}, {"status": "affected", "version": "9ac7849e35f7", "lessThan": "87b34c8c94e2", "versionType": "git"}, {"status": "affected", "version": "9ac7849e35f7", "lessThan": "f993a4baf6b6", "versionType": "git"}, {"status": "affected", "version": "9ac7849e35f7", "lessThan": "1fe97f68fce1", "versionType": "git"}, {"status": "affected", "version": "9ac7849e35f7", "lessThan": "22094f5f52e7", "versionType": "git"}, {"status": "affected", "version": "9ac7849e35f7", "lessThan": "28e8b7406d3a", "versionType": "git"}], "programFiles": ["kernel/dma/mapping.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.21"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.21", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.320", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.282", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.224", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.165", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.103", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.44", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/dma/mapping.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63"}, {"url": "https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9"}, {"url": "https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7"}, {"url": "https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954"}, {"url": "https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb"}, {"url": "https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130"}, {"url": "https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e"}, {"url": "https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:41:13.703Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43856", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:41:13.703Z", "dateReserved": "2024-08-17T09:11:59.278Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-17T09:24:26.560Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "482B11C0-6B3C-4F07-817D-E7E181A88878", "versionEndExcluding": "4.19.320", "versionStartIncluding": "2.6.21", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8961D98-9ACF-4188-BA88-44038B14BC28", "versionEndExcluding": "5.4.282", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE", "versionEndExcluding": "5.10.224", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94", "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A", "versionEndExcluding": "6.1.103", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dma: corrige el orden de llamadas en dmam_free_coherent dmam_free_coherent() libera una asignaci\u00f3n de DMA, lo que hace que el vaddr liberado est\u00e9 disponible para su reutilizaci\u00f3n, luego llama a devres_destroy() para eliminar y liberar la estructura de datos utilizada para realizar un seguimiento de la asignaci\u00f3n de DMA. Entre las dos llamadas, es posible que una tarea simult\u00e1nea realice una asignaci\u00f3n con el mismo vaddr y lo agregue a la lista de devres. Si esto sucede, habr\u00e1 dos entradas en la lista devres con el mismo vaddr y devres_destroy() puede liberar la entrada incorrecta, activando WARN_ON() en dmam_match. Para solucionarlo, destruya la entrada devres antes de liberar la asignaci\u00f3n de DMA. kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03"}], "id": "CVE-2024-43856", "lastModified": "2024-08-22T17:57:08.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-17T10:15:10.613", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: dma: fix call order in dmam_free_coherent", "id": "2305514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305514"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndma: fix call order in dmam_free_coherent\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\nFix by destroying the devres entry before freeing the DMA\nallocation.\nkokonut //net/encryption\nhttp://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03"], "name": "CVE-2024-43856", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-43856\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43856\nhttps://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T"], "statement": "Red Hat believes this vulnerability to be of moderate impact because elevated privileges are required to trigger this vulnerability, seeing as DMA is low-level memory management operation typically limited to kernel-mode operations, and drivers often need elevated privileges to interact with hardware.", "threat_severity": "Moderate"}