SecuriTricks - CVE-2024-44949

Description

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size.

Product(s) Impacted

Vendor	Product	Versions
Linux	Linux Kernel	*, 6.11

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	6.11	rc1	/	/	/	/	/	/

References

https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f

https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f

https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f

CVSS Score

7.8 / 10

CVSS Data

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Date

Published: Sept. 4, 2024, 7:15 p.m.
Last Modified: Oct. 9, 2024, 1:53 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE-2024-44949