CVE-2024-43856

MEDIUM

Linux Kernel - Use-After-Free in dmam_free_coherent

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list. If this happens, there will be two entries in the devres list with the same vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match. Fix by destroying the devres entry before freeing the DMA allocation. kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03

References (11)

Core 11
Core References

Scores

CVSS v3 5.5
EPSS 0.0040
EPSS Percentile 31.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-770
Status published
Products (26)
linux/Kernel 2.6.21 - 4.19.320linux
linux/Kernel 4.20.0 - 5.4.282linux
linux/Kernel 5.11.0 - 5.15.165linux
linux/Kernel 5.16.0 - 6.1.103linux
linux/Kernel 5.5.0 - 5.10.224linux
linux/Kernel 6.2.0 - 6.6.44linux
linux/Kernel 6.7.0 - 6.10.3linux
Linux/Linux < 2.6.21
Linux/Linux 2.6.21
Linux/Linux 4.19.320 - 4.19.*
... and 16 more
Published Aug 17, 2024
Tracked Since Feb 18, 2026