AZL-47937

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47937.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-47937

Upstream

CVE-2024-43856

Published

2024-08-17T10:15:10Z

Modified

2026-04-01T05:15:59.130625Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-43856 affecting package kernel for versions less than 5.15.167.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

dma: fix call order in dmamfreecoherent

dmamfreecoherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list.

If this happens, there will be two entries in the devres list with the same vaddr and devresdestroy() can free the wrong entry, triggering the WARNON() in dmam_match.

Fix by destroying the devres entry before freeing the DMA allocation.

kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03

References

https://nvd.nist.gov/vuln/detail/CVE-2024-43856

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.167.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47937.json"