In the Linux kernel, the following vulnerability has been resolved: net:
atlantic: Fix DMA mapping for PTP hwts ring Function
aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes for PTP HWTS ring
but then generic aq_ring_free() does not take this into account. Create and
use a specific function to free HWTS ring to fix this issue. Trace: [
215.351607] ------------[ cut here ]------------ [ 215.351612] DMA-API:
atlantic 0000:4b:00.0: device driver frees DMA memory with different size
[device address=0x00000000fbdd0000] [map size=34816 bytes] [unmap
size=32768 bytes] [ 215.351635] WARNING: CPU: 33 PID: 10759 at
kernel/dma/debug.c:988 check_unmap+0xa6f/0x2360 … [ 215.581176] Call
Trace: [ 215.583632] <TASK> [ 215.585745] ? show_trace_log_lvl+0x1c4/0x2df
[ 215.590114] ? show_trace_log_lvl+0x1c4/0x2df [ 215.594497] ?
debug_dma_free_coherent+0x196/0x210 [ 215.599305] ?
check_unmap+0xa6f/0x2360 [ 215.603147] ? __warn+0xca/0x1d0 [ 215.606391] ?
check_unmap+0xa6f/0x2360 [ 215.610237] ? report_bug+0x1ef/0x370 [
215.613921] ? handle_bug+0x3c/0x70 [ 215.617423] ? exc_invalid_op+0x14/0x50
[ 215.621269] ? asm_exc_invalid_op+0x16/0x20 [ 215.625480] ?
check_unmap+0xa6f/0x2360 [ 215.629331] ? mark_lock.part.0+0xca/0xa40 [
215.633445] debug_dma_free_coherent+0x196/0x210 [ 215.638079] ?
__pfx_debug_dma_free_coherent+0x10/0x10 [ 215.643242] ?
slab_free_freelist_hook+0x11d/0x1d0 [ 215.648060] dma_free_attrs+0x6d/0x130
[ 215.651834] aq_ring_free+0x193/0x290 [atlantic] [ 215.656487]
aq_ptp_ring_free+0x67/0x110 [atlantic] … [ 216.127540] —[ end trace
6467e5964dd2640b ]— [ 216.132160] DMA-API: Mapped at: [ 216.132162]
debug_dma_alloc_coherent+0x66/0x2f0 [ 216.132165]
dma_alloc_attrs+0xf5/0x1b0 [ 216.132168] aq_ring_hwts_rx_alloc+0x150/0x1f0
[atlantic] [ 216.132193] aq_ptp_ring_alloc+0x1bb/0x540 [atlantic] [
216.132213] aq_nic_init+0x4a1/0x760 [atlantic]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-44.44 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < 6.5.0-1023.23~22.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < 6.5.0-1024.25~22.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-fde-5.15 | < any | UNKNOWN |
git.kernel.org/linus/2e7d3b67630dfd8f178c41fa2217aa00e79a5887 (6.8-rc4)
git.kernel.org/stable/c/004fe5b7f59286a926a45e0cafc7870e9cdddd56
git.kernel.org/stable/c/2e7d3b67630dfd8f178c41fa2217aa00e79a5887
git.kernel.org/stable/c/466ceebe48cbba3f4506f165fca7111f9eb8bb12
git.kernel.org/stable/c/e42e334c645575be5432adee224975d4f536fdb1
launchpad.net/bugs/cve/CVE-2024-26680
nvd.nist.gov/vuln/detail/CVE-2024-26680
security-tracker.debian.org/tracker/CVE-2024-26680
ubuntu.com/security/notices/USN-6895-1
ubuntu.com/security/notices/USN-6895-2
ubuntu.com/security/notices/USN-6895-3
ubuntu.com/security/notices/USN-6900-1
www.cve.org/CVERecord?id=CVE-2024-26680