CVE-2024-56756

nvme-pci: fix freeing of the HMB descriptor table

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but __nvme_alloc_host_mem could break out of the loop earlier on memory allocation failure and end up using less descriptors than planned for, which leads to an incorrect size passed to dma_free_coherent. In practice this was not showing up because the number of descriptors tends to be low and the dma coherent allocator always allocates and frees at least a page.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ac22240540e0c5230d8c4138e3778420b712716a patch
https://git.kernel.org/stable/c/452f9ddd12bebc04cef741e8ba3806bf0e1fd015 patch
https://git.kernel.org/stable/c/869cf50b9c9d1059f5223f79ef68fc0bc6210095 patch
https://git.kernel.org/stable/c/fb96d5cfa97a7363245b3dd523f475b04296d87b patch
https://git.kernel.org/stable/c/cee3bff51a35cab1c5d842d409a7b11caefe2386 patch
https://git.kernel.org/stable/c/6d0f599db73b099aa724a12736369c4d4d92849d patch
https://git.kernel.org/stable/c/582d9ed999b004fb1d415ecbfa86d4d8df455269 patch
https://git.kernel.org/stable/c/3c2fb1ca8086eb139b2a551358137525ae8e0d7a patch

Frequently Asked Questions

What is the severity of CVE-2024-56756?
CVE-2024-56756 has been scored as a medium severity vulnerability.
How to fix CVE-2024-56756?
To fix CVE-2024-56756, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-56756 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-56756 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-56756?
CVE-2024-56756 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.