CVE-2024-43856

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 17, 2024
Updated: Aug 19, 2024
CWE ID 770

Summary

CVE-2024-43856 is a Linux kernel vulnerability caused by a concurrency issue in the dmam_free_coherent function. The function frees a DMA allocation before destroying the devres entry associated with it. If a concurrent task makes an allocation with the same vaddr and adds it to the devres list in between, the devres_destroy() call can free the wrong entry, leading to inappropriate resource management. This issue has been resolved by destroying the devres entry before freeing the DMA allocation. This vulnerability was reported by Kokonut under the net/encryption tree in the Linux kernel source code.
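A deterministic userspace model of the ordering fix described above, added here as an example; it is not kernel code and not part of the original advisory. The one-slot pool, the tracking list, the task labels and the newest-first search are assumptions of the model, and the concurrent task is run inside the race window by a direct call.

```c
#include <stdio.h>

/* Userspace model, not kernel code. A one-slot pool makes a freed address
 * get reused immediately, standing in for the DMA allocator. */
static char slot[64];
static int slot_busy;
static void *pool_alloc(void) { if (slot_busy) return NULL; slot_busy = 1; return slot; }
static void pool_free(void *v) { if (v == slot) slot_busy = 0; }

/* Tracking list standing in for the device's devres list. */
struct entry { void *vaddr; char owner; };
static struct entry list[4];
static int count;
static void track_add(void *v, char owner) { list[count].vaddr = v; list[count].owner = owner; count++; }

/* Remove the newest entry matching vaddr (model assumption); return its owner. */
static char track_destroy(void *v)
{
    for (int i = count - 1; i >= 0; i--) {
        if (list[i].vaddr != v) continue;
        char owner = list[i].owner;
        for (int j = i; j < count - 1; j++) list[j] = list[j + 1];
        count--;
        return owner;
    }
    return 0;
}

/* Task B's managed allocation, run at the point where the race window is. */
static void task_b_alloc(void) { void *v = pool_alloc(); if (v) track_add(v, 'B'); }
/* Free first, then destroy: B can reuse the address inside the window. */
static char free_then_destroy(void *v) { pool_free(v); task_b_alloc(); return track_destroy(v); }
/* The fix: destroy the entry first, so the address is still held in the window. */
static char destroy_then_free(void *v) { char o = track_destroy(v); task_b_alloc(); pool_free(v); return o; }

/* Task A allocates, then frees; returns the owner of the destroyed entry. */
char run(int fixed)
{
    slot_busy = 0; count = 0;
    void *a = pool_alloc();
    track_add(a, 'A');
    return fixed ? destroy_then_free(a) : free_then_destroy(a);
}

int main(void)
{
    printf("free first: entry of task %c destroyed\n", run(0));
    printf("destroy first: entry of task %c destroyed\n", run(1));
    return 0;
}
```

With the free-first order, task A's stale entry stays in the list while task B's live buffer is left untracked.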
