CVE-2024-27066
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-27066
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27066.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-27066
- Downstream
- Published
- 2024-05-01T13:15:50Z
- Modified
- 2024-11-21T09:03:47Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
virtio: packed: fix unmap leak for indirect desc table
When usedmaapi and premapped are true, then the do_unmap is false.
Because the dounmap is false, vringunmapextrapacked is not called by detachbufpacked.
if (unlikely(vq->dounmap)) { curr = id; for (i = 0; i < state->num; i++) { vringunmapextrapacked(vq, &vq->packed.descextra[curr]); curr = vq->packed.descextra[curr].next; } }
So the indirect desc table is not unmapped. This causes the unmap leak.
So here, we check vq->usedmaapi instead. Synchronously, dma info is updated based on usedmaapi judgment
This bug does not occur, because no driver use the premapped with indirect.
- References
-
- https://git.kernel.org/stable/c/51bacd9d29bf98c3ebc65e4a0477bb86306b4140
- https://git.kernel.org/stable/c/75450ff8c6fe8755bf5b139b238eaf9739cfd64e
- https://git.kernel.org/stable/c/d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd
- https://git.kernel.org/stable/c/e142169aca5546ae6619c39a575cda8105362100
- https://security-tracker.debian.org/tracker/CVE-2024-27066
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source