CVE-2024-27066

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27066
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27066.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-27066
Downstream
Published
2024-05-01T13:04:12.582Z
Modified
2025-11-29T16:34:37.409547Z
Summary
virtio: packed: fix unmap leak for indirect desc table
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio: packed: fix unmap leak for indirect desc table

When usedmaapi and premapped are true, then the do_unmap is false.

Because the dounmap is false, vringunmapextrapacked is not called by detachbufpacked.

if (unlikely(vq->dounmap)) { curr = id; for (i = 0; i < state->num; i++) { vringunmapextrapacked(vq, &vq->packed.descextra[curr]); curr = vq->packed.descextra[curr].next; } }

So the indirect desc table is not unmapped. This causes the unmap leak.

So here, we check vq->usedmaapi instead. Synchronously, dma info is updated based on usedmaapi judgment

This bug does not occur, because no driver use the premapped with indirect.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27066.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b319940f83c21bb4c1fabffe68a862be879a6193
Fixed
e142169aca5546ae6619c39a575cda8105362100
Fixed
75450ff8c6fe8755bf5b139b238eaf9739cfd64e
Fixed
51bacd9d29bf98c3ebc65e4a0477bb86306b4140
Fixed
d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd

Affected versions

v6.*

v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27066.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.23
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.11
Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27066.json"