CVE-2024-43856Allocation of Resources Without Limits or Throttling in Linux

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-362Race Condition46 documents7 sources
Severity
5.5MEDIUMNVD
OSV8.8OSV7.1
EPSS
0.0%
top 91.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
LinuxLinux KernelDebian Linux+9 more
Timeline
PublishedAug 17
Latest updateJan 9

Description

In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list. If this happens, there will be two entries in the devres lis

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages14 packages

NVDlinux/linux_kernel2.6.214.19.320+6
Debianlinux/linux_kernel< 5.10.226-1+3
Ubuntulinux/linux_kernel< 5.4.0-200.220+4

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

22
OSV
linux-azure, linux-azure-6.8 vulnerabilities2025-01-09
OSV
linux-azure-5.15 vulnerabilities2025-01-09
OSV
linux-azure, linux-azure-4.15 vulnerabilities2025-01-09
OSV
linux-hwe-6.8 vulnerabilities2025-01-06
OSV
linux, linux-lts-xenial vulnerabilities2025-01-06

📋Vendor Advisories

23
Ubuntu
Linux kernel (Azure) vulnerabilities2025-01-09
Ubuntu
Linux kernel (Azure) vulnerabilities2025-01-09
Ubuntu
Linux kernel (Azure) vulnerabilities2025-01-09
Ubuntu
Linux kernel (HWE) vulnerabilities2025-01-06
Ubuntu
Linux kernel vulnerabilities2025-01-06
CVE-2024-43856 — Linux vulnerability | cvebase