CVE-2024-26680

Source: https://nvd.nist.gov/vuln/detail/CVE-2024-26680
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26680.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2024-26680
Published: 2024-04-02T07:01:44Z
Modified: 2025-10-14T13:14:22.631243Z
Summary
net: atlantic: Fix DMA mapping for PTP hwts ring
Details

In the Linux kernel, the following vulnerability has been resolved:

net: atlantic: Fix DMA mapping for PTP hwts ring

Function aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes for PTP HWTS ring but then generic aq_ring_free() does not take this into account. Create and use a specific function to free HWTS ring to fix this issue.

Trace:
[ 215.351607] ------------[ cut here ]------------
[ 215.351612] DMA-API: atlantic 0000:4b:00.0: device driver frees DMA memory with different size [device address=0x00000000fbdd0000] [map size=34816 bytes] [unmap size=32768 bytes]
[ 215.351635] WARNING: CPU: 33 PID: 10759 at kernel/dma/debug.c:988 check_unmap+0xa6f/0x2360
...
[ 215.581176] Call Trace:
[ 215.583632] <TASK>
[ 215.585745] ? show_trace_log_lvl+0x1c4/0x2df
[ 215.590114] ? show_trace_log_lvl+0x1c4/0x2df
[ 215.594497] ? debug_dma_free_coherent+0x196/0x210
[ 215.599305] ? check_unmap+0xa6f/0x2360
[ 215.603147] ? __warn+0xca/0x1d0
[ 215.606391] ? check_unmap+0xa6f/0x2360
[ 215.610237] ? report_bug+0x1ef/0x370
[ 215.613921] ? handle_bug+0x3c/0x70
[ 215.617423] ? exc_invalid_op+0x14/0x50
[ 215.621269] ? asm_exc_invalid_op+0x16/0x20
[ 215.625480] ? check_unmap+0xa6f/0x2360
[ 215.629331] ? mark_lock.part.0+0xca/0xa40
[ 215.633445] debug_dma_free_coherent+0x196/0x210
[ 215.638079] ? __pfx_debug_dma_free_coherent+0x10/0x10
[ 215.643242] ? slab_free_freelist_hook+0x11d/0x1d0
[ 215.648060] dma_free_attrs+0x6d/0x130
[ 215.651834] aq_ring_free+0x193/0x290 [atlantic]
[ 215.656487] aq_ptp_ring_free+0x67/0x110 [atlantic]
...
[ 216.127540] ---[ end trace 6467e5964dd2640b ]---
[ 216.132160] DMA-API: Mapped at:
[ 216.132162] debug_dma_alloc_coherent+0x66/0x2f0
[ 216.132165] dma_alloc_attrs+0xf5/0x1b0
[ 216.132168] aq_ring_hwts_rx_alloc+0x150/0x1f0 [atlantic]
[ 216.132193] aq_ptp_ring_alloc+0x1bb/0x540 [atlantic]
[ 216.132213] aq_nic_init+0x4a1/0x760 [atlantic]

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 94ad94558b0fbf18dd6fb0987540af1693157556
Fixed: 466ceebe48cbba3f4506f165fca7111f9eb8bb12

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 94ad94558b0fbf18dd6fb0987540af1693157556
Fixed: 004fe5b7f59286a926a45e0cafc7870e9cdddd56

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 94ad94558b0fbf18dd6fb0987540af1693157556
Fixed: e42e334c645575be5432adee224975d4f536fdb1

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 94ad94558b0fbf18dd6fb0987540af1693157556
Fixed: 2e7d3b67630dfd8f178c41fa2217aa00e79a5887

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.4
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
v6.7.3
v6.7.4
v6.8-rc1
v6.8-rc2

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2024-26680-04d67816",
            "signature_type": "Line",
            "target": {
                "file": "drivers/net/ethernet/aquantia/atlantic/aq_ptp.c"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e42e334c645575be5432adee224975d4f536fdb1",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-26680-0772eff2",
            "signature_type": "Line",
            "target": {
                "file": "drivers/net/ethernet/aquantia/atlantic/aq_ring.h"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2e7d3b67630dfd8f178c41fa2217aa00e79a5887",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-26680-20722df7",
            "signature_type": "Line",
            "target": {
                "file": "drivers/net/ethernet/aquantia/atlantic/aq_ptp.c"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2e7d3b67630dfd8f178c41fa2217aa00e79a5887",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-26680-78d1e089",
            "signature_type": "Line",
            "target": {
                "file": "drivers/net/ethernet/aquantia/atlantic/aq_ptp.c"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@466ceebe48cbba3f4506f165fca7111f9eb8bb12",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-26680-9ba96279",
            "signature_type": "Line",
            "target": {
                "file": "drivers/net/ethernet/aquantia/atlantic/aq_ring.h"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@466ceebe48cbba3f4506f165fca7111f9eb8bb12",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-26680-c70b3716",
            "signature_type": "Line",
            "target": {
                "file": "drivers/net/ethernet/aquantia/atlantic/aq_ring.h"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@004fe5b7f59286a926a45e0cafc7870e9cdddd56",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-26680-e23b8411",
            "signature_type": "Line",
            "target": {
                "file": "drivers/net/ethernet/aquantia/atlantic/aq_ptp.c"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@004fe5b7f59286a926a45e0cafc7870e9cdddd56",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-26680-f29e764b",
            "signature_type": "Line",
            "target": {
                "file": "drivers/net/ethernet/aquantia/atlantic/aq_ring.h"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e42e334c645575be5432adee224975d4f536fdb1",
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Introduced: 5.5.0
Fixed: 6.1.78

Type: ECOSYSTEM
Introduced: 6.2.0
Fixed: 6.6.17

Type: ECOSYSTEM
Introduced: 6.7.0
Fixed: 6.7.5