1. Home
  2. Vulnerabilities
  3. CVE-2024-27066

CVE-2024-27066

EPSS 0.04 % (16th)
0.04% Progress
Advisories 5
NVD Status Awaiting Analysis
Info EPSS References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel, the following vulnerability has been resolved:

virtio: packed: fix unmap leak for indirect desc table

When use_dma_api and premapped are true, then the do_unmap is false.

Because the do_unmap is false, vring_unmap_extra_packed is not called by
detach_buf_packed.

if (unlikely(vq->do_unmap)) {
curr = id;
for (i = 0; i < state->num; i++) {
vring_unmap_extra_packed(vq,
&vq->packed.desc_extra[curr]);
curr = vq->packed.desc_extra[curr].next;
}
}

So the indirect desc table is not unmapped. This causes the unmap leak.

So here, we check vq->use_dma_api instead. Synchronously, dma info is
updated based on use_dma_api judgment

This bug does not occur, because no driver use the premapped with
indirect.

CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
kernel.org
Published Date
2024-05-01 13:15:50
(4 months ago)
Updated Date
2024-05-01 19:50:25
(4 months ago)