CVE-2024-56756

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: fix freeing of the HMB descriptor table

The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but __nvme_alloc_host_mem could break out of the loop earlier on memory allocation failure and end up using less descriptors than planned for, which leads to an incorrect size passed to dma_free_coherent.

In practice this was not showing up because the number of descriptors tends to be low and the dma coherent allocator always allocates and frees at least a page.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux87ad72a59a38d1df217cfd95bc222a2edfe5d399 < ac22240540e0c5230d8c4138e3778420b712716aaffected
LinuxLinux87ad72a59a38d1df217cfd95bc222a2edfe5d399 < 452f9ddd12bebc04cef741e8ba3806bf0e1fd015affected
LinuxLinux87ad72a59a38d1df217cfd95bc222a2edfe5d399 < 869cf50b9c9d1059f5223f79ef68fc0bc6210095affected
LinuxLinux87ad72a59a38d1df217cfd95bc222a2edfe5d399 < fb96d5cfa97a7363245b3dd523f475b04296d87baffected
LinuxLinux87ad72a59a38d1df217cfd95bc222a2edfe5d399 < cee3bff51a35cab1c5d842d409a7b11caefe2386affected
LinuxLinux87ad72a59a38d1df217cfd95bc222a2edfe5d399 < 6d0f599db73b099aa724a12736369c4d4d92849daffected
LinuxLinux87ad72a59a38d1df217cfd95bc222a2edfe5d399 < 582d9ed999b004fb1d415ecbfa86d4d8df455269affected
LinuxLinux87ad72a59a38d1df217cfd95bc222a2edfe5d399 < 3c2fb1ca8086eb139b2a551358137525ae8e0d7aaffected
LinuxLinux4.13affected
LinuxLinux0 < 4.13unaffected
LinuxLinux5.4.287 <= 5.4.*unaffected
LinuxLinux5.10.231 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.11.11 <= 6.11.*unaffected
LinuxLinux6.12.2 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References