GHSA-G877-JJJQ-5FJC
Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2026-05-12 12:32In the Linux kernel, the following vulnerability has been resolved:
dma: fix call order in dmam_free_coherent
dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list.
If this happens, there will be two entries in the devres list with the same vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match.
Fix by destroying the devres entry before freeing the DMA allocation.
kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03
{
"affected": [],
"aliases": [
"CVE-2024-43856"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T10:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03",
"id": "GHSA-g877-jjjq-5fjc",
"modified": "2026-05-12T12:32:04Z",
"published": "2024-08-17T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43856"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.