CVE-2024-56756

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56756
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56756.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56756
Downstream
Related
Published
2024-12-29T12:15:09Z
Modified
2025-10-01T20:17:49Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: fix freeing of the HMB descriptor table

The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but _nvmeallochostmem could break out of the loop earlier on memory allocation failure and end up using less descriptors than planned for, which leads to an incorrect size passed to dmafreecoherent.

In practice this was not showing up because the number of descriptors tends to be low and the dma coherent allocator always allocates and frees at least a page.

References

Affected packages