We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Ok

THREATINT
PUBLISHED

CVE-2024-27066

virtio: packed: fix unmap leak for indirect desc table

Reserved:2024-02-19
Published:2024-05-01
Updated:2024-05-13

Description

In the Linux kernel, the following vulnerability has been resolved: virtio: packed: fix unmap leak for indirect desc table When use_dma_api and premapped are true, then the do_unmap is false. Because the do_unmap is false, vring_unmap_extra_packed is not called by detach_buf_packed. if (unlikely(vq->do_unmap)) { curr = id; for (i = 0; i < state->num; i++) { vring_unmap_extra_packed(vq, &vq->packed.desc_extra[curr]); curr = vq->packed.desc_extra[curr].next; } } So the indirect desc table is not unmapped. This causes the unmap leak. So here, we check vq->use_dma_api instead. Synchronously, dma info is updated based on use_dma_api judgment This bug does not occur, because no driver use the premapped with indirect.

Product status

Default status
unaffected

b319940f83c2 before e142169aca55
affected

b319940f83c2 before 75450ff8c6fe
affected

b319940f83c2 before 51bacd9d29bf
affected

b319940f83c2 before d5c0ed17fea6
affected

Default status
affected

6.6
affected

Any version before 6.6
unaffected

6.6.23
unaffected

6.7.11
unaffected

6.8.2
unaffected

6.9
unaffected

References

https://git.kernel.org/stable/c/e142169aca5546ae6619c39a575cda8105362100

https://git.kernel.org/stable/c/75450ff8c6fe8755bf5b139b238eaf9739cfd64e

https://git.kernel.org/stable/c/51bacd9d29bf98c3ebc65e4a0477bb86306b4140

https://git.kernel.org/stable/c/d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd

cve.org CVE-2024-27066

nvd.nist.gov CVE-2024-27066

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-27066