| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]'s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv->dma_cap.addr64 > 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/net/ethernet/stmicro/stmmac/stmmac_main.c" |
| ], |
| "versions": [ |
| { |
| "version": "07c9c26e37542486e34d767505e842f48f29c3f6", |
| "lessThan": "db3667c9bbfbbf5de98e6c9542f7e03fb5243286", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "66600fac7a984dea4ae095411f644770b2561ede", |
| "lessThan": "9d5dd7ccea1b46a9a7c6b3c2b9e5ed8864e185e2", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "66600fac7a984dea4ae095411f644770b2561ede", |
| "lessThan": "4c49f38e20a57f8abaebdf95b369295b153d1f8e", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ece593fc9c00741b682869d3f3dc584d37b7c9df", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "a3ff23f7c3f0e13f718900803e090fd3997d6bc9", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "58d23d835eb498336716cca55b5714191a309286", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/net/ethernet/stmicro/stmmac/stmmac_main.c" |
| ], |
| "versions": [ |
| { |
| "version": "6.12", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "6.12", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.68", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.7", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.6.60", |
| "versionEndExcluding": "6.6.68" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.12", |
| "versionEndExcluding": "6.12.7" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.12", |
| "versionEndExcluding": "6.13" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.15.171" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.1.116" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.11.7" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/db3667c9bbfbbf5de98e6c9542f7e03fb5243286" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/9d5dd7ccea1b46a9a7c6b3c2b9e5ed8864e185e2" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/4c49f38e20a57f8abaebdf95b369295b153d1f8e" |
| } |
| ], |
| "title": "net: stmmac: fix TSO DMA API usage causing oops", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-56719", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
