CVE-2024-46716

dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In consequence replace list_add_tail with list_move_tail in msgdma_free_descriptor. This fixes the path: msgdma_free_chan_resources -> msgdma_free_descriptors -> msgdma_free_desc_list -> msgdma_free_descriptor which does not correctly free the descriptors as first nodes were not removed from the list.

N/A
CVSS
Severity:
EPSS 0.08%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725
https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716
https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863
https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1

Frequently Asked Questions

What is the severity of CVE-2024-46716?
CVE-2024-46716 has not yet been assigned a CVSS score.
How to fix CVE-2024-46716?
To fix CVE-2024-46716, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46716 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46716 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46716?
CVE-2024-46716 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.