cve/2024/CVE-2024-56719.md

### [CVE-2024-56719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56719)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=07c9c26e37542486e34d767505e842f48f29c3f6%3C%20db3667c9bbfbbf5de98e6c9542f7e03fb5243286%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:net: stmmac: fix TSO DMA API usage causing oopsCommit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmapfor non-paged SKB data") moved the assignment of tx_skbuff_dma[]'smembers to be later in stmmac_tso_xmit().The buf (dma cookie) and len stored in this structure are passed todma_unmap_single() by stmmac_tx_clean(). The DMA API requires thatthe dma cookie passed to dma_unmap_single() is the same as the valuereturned from dma_map_single(). However, by moving the assignmentlater, this is not the case when priv->dma_cap.addr64 > 32 as "des"is offset by proto_hdr_len.This causes problems such as:  dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failedand with DMA_API_DEBUG enabled:  DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]Fix this by maintaining "des" as the original DMA cookie, and usetso_des to pass the offset DMA cookie to stmmac_tso_allocator().Full details of the crashes can be found at:https://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/https://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/cku-heise/euvd-api-doc