CVE-2024-27066

May 1, 2024, 7:50 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: virtio: packed: fix unmap leak for indirect desc table When use_dma_api and premapped are true, then the do_unmap is false. Because the do_unmap is false, vring_unmap_extra_packed is not called by detach_buf_packed. if (unlikely(vq->do_unmap)) { curr = id; for (i = 0; i < state->num; i++) { vring_unmap_extra_packed(vq, &vq->packed.desc_extra[curr]); curr = vq->packed.desc_extra[curr].next; } } So the indirect desc table is not unmapped. This causes the unmap leak. So here, we check vq->use_dma_api instead. Synchronously, dma info is updated based on use_dma_api judgment This bug does not occur, because no driver use the premapped with indirect.

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

References

https://git.kernel.org/stable/c/51bacd9d29bf98c3ebc65e4a0477bb86306b4140
https://git.kernel.org/stable/c/75450ff8c6fe8755bf5b139b238eaf9739cfd64e
https://git.kernel.org/stable/c/d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd
https://git.kernel.org/stable/c/e142169aca5546ae6619c39a575cda8105362100

Tags

2024-05-01
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVE-2024-27066

Date

  • Published: May 1, 2024, 1:15 p.m.
  • Last Modified: May 1, 2024, 7:50 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.