{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-56756", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T11:26:39.761Z", "datePublished": "2024-12-29T11:30:20.516Z", "dateUpdated": "2024-12-29T11:30:20.516Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-29T11:30:20.516Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix freeing of the HMB descriptor table\n\nThe HMB descriptor table is sized to the maximum number of descriptors\nthat could be used for a given device, but __nvme_alloc_host_mem could\nbreak out of the loop earlier on memory allocation failure and end up\nusing less descriptors than planned for, which leads to an incorrect\nsize passed to dma_free_coherent.\n\nIn practice this was not showing up because the number of descriptors\ntends to be low and the dma coherent allocator always allocates and\nfrees at least a page."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/pci.c"], "versions": [{"version": "87ad72a59a38d1df217cfd95bc222a2edfe5d399", "lessThan": "ac22240540e0c5230d8c4138e3778420b712716a", "status": "affected", "versionType": "git"}, {"version": "87ad72a59a38d1df217cfd95bc222a2edfe5d399", "lessThan": "452f9ddd12bebc04cef741e8ba3806bf0e1fd015", "status": "affected", "versionType": "git"}, {"version": "87ad72a59a38d1df217cfd95bc222a2edfe5d399", "lessThan": "869cf50b9c9d1059f5223f79ef68fc0bc6210095", "status": "affected", "versionType": "git"}, {"version": "87ad72a59a38d1df217cfd95bc222a2edfe5d399", "lessThan": "fb96d5cfa97a7363245b3dd523f475b04296d87b", "status": "affected", "versionType": "git"}, {"version": "87ad72a59a38d1df217cfd95bc222a2edfe5d399", "lessThan": "cee3bff51a35cab1c5d842d409a7b11caefe2386", "status": "affected", "versionType": "git"}, {"version": "87ad72a59a38d1df217cfd95bc222a2edfe5d399", "lessThan": "6d0f599db73b099aa724a12736369c4d4d92849d", "status": "affected", "versionType": "git"}, {"version": "87ad72a59a38d1df217cfd95bc222a2edfe5d399", "lessThan": "582d9ed999b004fb1d415ecbfa86d4d8df455269", "status": "affected", "versionType": "git"}, {"version": "87ad72a59a38d1df217cfd95bc222a2edfe5d399", "lessThan": "3c2fb1ca8086eb139b2a551358137525ae8e0d7a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/pci.c"], "versions": [{"version": "4.13", "status": "affected"}, {"version": "0", "lessThan": "4.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.287", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.231", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.174", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.120", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.64", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.11", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.2", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ac22240540e0c5230d8c4138e3778420b712716a"}, {"url": "https://git.kernel.org/stable/c/452f9ddd12bebc04cef741e8ba3806bf0e1fd015"}, {"url": "https://git.kernel.org/stable/c/869cf50b9c9d1059f5223f79ef68fc0bc6210095"}, {"url": "https://git.kernel.org/stable/c/fb96d5cfa97a7363245b3dd523f475b04296d87b"}, {"url": "https://git.kernel.org/stable/c/cee3bff51a35cab1c5d842d409a7b11caefe2386"}, {"url": "https://git.kernel.org/stable/c/6d0f599db73b099aa724a12736369c4d4d92849d"}, {"url": "https://git.kernel.org/stable/c/582d9ed999b004fb1d415ecbfa86d4d8df455269"}, {"url": "https://git.kernel.org/stable/c/3c2fb1ca8086eb139b2a551358137525ae8e0d7a"}], "title": "nvme-pci: fix freeing of the HMB descriptor table", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3FC0E85-A276-4943-A145-65EB84DFBC0E", "versionEndExcluding": "5.4.287", "versionStartIncluding": "4.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935", "versionEndExcluding": "5.10.231", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89", "versionEndExcluding": "5.15.174", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265", "versionEndExcluding": "6.1.120", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7", "versionEndExcluding": "6.6.64", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893", "versionEndExcluding": "6.11.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix freeing of the HMB descriptor table\n\nThe HMB descriptor table is sized to the maximum number of descriptors\nthat could be used for a given device, but __nvme_alloc_host_mem could\nbreak out of the loop earlier on memory allocation failure and end up\nusing less descriptors than planned for, which leads to an incorrect\nsize passed to dma_free_coherent.\n\nIn practice this was not showing up because the number of descriptors\ntends to be low and the dma coherent allocator always allocates and\nfrees at least a page."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-pci: se corrige la liberaci\u00f3n de la tabla de descriptores HMB La tabla de descriptores HMB tiene un tama\u00f1o que coincide con el n\u00famero m\u00e1ximo de descriptores que se pueden usar para un dispositivo determinado, pero __nvme_alloc_host_mem podr\u00eda salir del bucle antes en caso de fallo en la asignaci\u00f3n de memoria y terminar usando menos descriptores de lo planeado, lo que lleva a que se pase un tama\u00f1o incorrecto a dma_free_coherent. En la pr\u00e1ctica, esto no se mostraba porque el n\u00famero de descriptores tiende a ser bajo y el asignador coherente dma siempre asigna y libera al menos una p\u00e1gina."}], "id": "CVE-2024-56756", "lastModified": "2025-01-06T20:33:10.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-29T12:15:09.190", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3c2fb1ca8086eb139b2a551358137525ae8e0d7a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/452f9ddd12bebc04cef741e8ba3806bf0e1fd015"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/582d9ed999b004fb1d415ecbfa86d4d8df455269"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6d0f599db73b099aa724a12736369c4d4d92849d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/869cf50b9c9d1059f5223f79ef68fc0bc6210095"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac22240540e0c5230d8c4138e3778420b712716a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cee3bff51a35cab1c5d842d409a7b11caefe2386"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fb96d5cfa97a7363245b3dd523f475b04296d87b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: nvme-pci: fix freeing of the HMB descriptor table", "id": "2334805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334805"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnvme-pci: fix freeing of the HMB descriptor table\nThe HMB descriptor table is sized to the maximum number of descriptors\nthat could be used for a given device, but __nvme_alloc_host_mem could\nbreak out of the loop earlier on memory allocation failure and end up\nusing less descriptors than planned for, which leads to an incorrect\nsize passed to dma_free_coherent.\nIn practice this was not showing up because the number of descriptors\ntends to be low and the dma coherent allocator always allocates and\nfrees at least a page."], "name": "CVE-2024-56756", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-56756\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-56756\nhttps://lore.kernel.org/linux-cve-announce/2024122928-CVE-2024-56756-32fb@gregkh/T"], "threat_severity": "Low"}