CVE-2024-44949

parisc: fix a possible DMA corruption

Description

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size.

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/00baca74fb5879e5f9034b6156671301f500f8ee
https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f patch
https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f patch
https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f patch

Frequently Asked Questions

What is the severity of CVE-2024-44949?
CVE-2024-44949 has been scored as a high severity vulnerability.
How to fix CVE-2024-44949?
To fix CVE-2024-44949, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-44949 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-44949 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-44949?
CVE-2024-44949 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.