CVE-2024-27408

dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory as the eDMA controller register. If the doorbell register is toggled before the full write of the linked list a race condition error will occur. In remote setup we can only use a readl to the memory to assure the full write has occurred.

N/A

CVSS

Severity:

EPSS 0.12%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/d24fe6d5a1cfdddb7a9ef56736ec501c4d0a5fd3
https://git.kernel.org/stable/c/f396b4df27cfe01a99f4b41f584c49e56477be3a
https://git.kernel.org/stable/c/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba

Frequently Asked Questions

What is the severity of CVE-2024-27408?: CVE-2024-27408 has not yet been assigned a CVSS score.
How to fix CVE-2024-27408?: To fix CVE-2024-27408, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27408 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-27408 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27408?: CVE-2024-27408 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.