AZL-49837

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49837.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-49837

Upstream

CVE-2024-46852

Published

2024-09-27T13:15:16Z

Modified

2026-04-01T05:17:28.791679Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2024-46852 affecting package kernel for versions less than 6.6.56.1-5

Details

In the Linux kernel, the following vulnerability has been resolved:

dma-buf: heaps: Fix off-by-one in CMA heap fault handler

Until VMDONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: Don't track CMA dma-buf pages under RssFile") it was possible to obtain a mapping larger than the buffer size via mremap and bypass the overflow check in dmabufmmapinternal. When using such a mapping to attempt to fault past the end of the buffer, the CMA heap fault handler also checks the fault offset against the buffer size, but gets the boundary wrong by 1. Fix the boundary check so that we don't read off the end of the pages array and insert an arbitrary page in the mapping.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-46852

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.56.1-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49837.json"