We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-56719

net: stmmac: fix TSO DMA API usage causing oops



Description

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data") moved the assignment of tx_skbuff_dma[]'s members to be later in stmmac_tso_xmit(). The buf (dma cookie) and len stored in this structure are passed to dma_unmap_single() by stmmac_tx_clean(). The DMA API requires that the dma cookie passed to dma_unmap_single() is the same as the value returned from dma_map_single(). However, by moving the assignment later, this is not the case when priv->dma_cap.addr64 > 32 as "des" is offset by proto_hdr_len. This causes problems such as: dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed and with DMA_API_DEBUG enabled: DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes] Fix this by maintaining "des" as the original DMA cookie, and use tso_des to pass the offset DMA cookie to stmmac_tso_allocator(). Full details of the crashes can be found at: https://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/ https://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/

Reserved 2024-12-27 | Published 2024-12-29 | Updated 2024-12-29 | Assigner Linux

Product status

Default status
unaffected

07c9c26e37542486e34d767505e842f48f29c3f6 before db3667c9bbfbbf5de98e6c9542f7e03fb5243286
affected

66600fac7a984dea4ae095411f644770b2561ede before 9d5dd7ccea1b46a9a7c6b3c2b9e5ed8864e185e2
affected

66600fac7a984dea4ae095411f644770b2561ede before 4c49f38e20a57f8abaebdf95b369295b153d1f8e
affected

Default status
affected

6.12
affected

Any version before 6.12
unaffected

6.6.68
unaffected

6.12.7
unaffected

6.13-rc3
unaffected

References

git.kernel.org/...c/db3667c9bbfbbf5de98e6c9542f7e03fb5243286

git.kernel.org/...c/9d5dd7ccea1b46a9a7c6b3c2b9e5ed8864e185e2

git.kernel.org/...c/4c49f38e20a57f8abaebdf95b369295b153d1f8e

cve.org (CVE-2024-56719)

nvd.nist.gov (CVE-2024-56719)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-56719

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.