nvd-json-data-feeds/CVE-2024/CVE-2024-270xx/CVE-2024-27066.json

{
  "id": "CVE-2024-27066",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-01T13:15:50.850",
  "lastModified": "2024-05-01T13:15:50.850",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: packed: fix unmap leak for indirect desc table\n\nWhen use_dma_api and premapped are true, then the do_unmap is false.\n\nBecause the do_unmap is false, vring_unmap_extra_packed is not called by\ndetach_buf_packed.\n\n  if (unlikely(vq->do_unmap)) {\n                curr = id;\n                for (i = 0; i < state->num; i++) {\n                        vring_unmap_extra_packed(vq,\n                                                 &vq->packed.desc_extra[curr]);\n                        curr = vq->packed.desc_extra[curr].next;\n                }\n  }\n\nSo the indirect desc table is not unmapped. This causes the unmap leak.\n\nSo here, we check vq->use_dma_api instead. Synchronously, dma info is\nupdated based on use_dma_api judgment\n\nThis bug does not occur, because no driver use the premapped with\nindirect."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/51bacd9d29bf98c3ebc65e4a0477bb86306b4140",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/75450ff8c6fe8755bf5b139b238eaf9739cfd64e",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/e142169aca5546ae6619c39a575cda8105362100",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ]
}
Auto-Update: 2024-05-01T14:00:40.467445+00:00 2024-05-01 14:03:31 +00:00			`{`
			`"id": "CVE-2024-27066",`
			`"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"published": "2024-05-01T13:15:50.850",`
			`"lastModified": "2024-05-01T13:15:50.850",`
			`"vulnStatus": "Received",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: packed: fix unmap leak for indirect desc table\n\nWhen use_dma_api and premapped are true, then the do_unmap is false.\n\nBecause the do_unmap is false, vring_unmap_extra_packed is not called by\ndetach_buf_packed.\n\n if (unlikely(vq->do_unmap)) {\n curr = id;\n for (i = 0; i < state->num; i++) {\n vring_unmap_extra_packed(vq,\n &vq->packed.desc_extra[curr]);\n curr = vq->packed.desc_extra[curr].next;\n }\n }\n\nSo the indirect desc table is not unmapped. This causes the unmap leak.\n\nSo here, we check vq->use_dma_api instead. Synchronously, dma info is\nupdated based on use_dma_api judgment\n\nThis bug does not occur, because no driver use the premapped with\nindirect."
			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://git.kernel.org/stable/c/51bacd9d29bf98c3ebc65e4a0477bb86306b4140",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/75450ff8c6fe8755bf5b139b238eaf9739cfd64e",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/e142169aca5546ae6619c39a575cda8105362100",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`}`
			`]`
			`}`