CVE-2024-43856

dma: fix call order in dmam_free_coherent

Description

In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list. If this happens, there will be two entries in the devres list with the same vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match. Fix by destroying the devres entry before freeing the DMA allocation. kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63 patch
https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9 patch
https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7 patch
https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954 patch
https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb patch
https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130 patch
https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e patch
https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 patch

Frequently Asked Questions

What is the severity of CVE-2024-43856?
CVE-2024-43856 has been scored as a medium severity vulnerability.
How to fix CVE-2024-43856?
To fix CVE-2024-43856, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-43856 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-43856 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-43856?
CVE-2024-43856 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.