Memory Allocation Issue in Linux Kernel's NVMe PCI Implementation
CVE-2024-56756

5.5 MEDIUM

Key Information:

Vendor: Linux

CVE Published: 29 December 2024

What is CVE-2024-56756?

A memory allocation flaw has been identified in the NVMe PCI implementation of the Linux kernel. It arises from the handling of the Host Memory Buffer (HMB) descriptor table, which is sized to hold the maximum number of descriptors for a device. The __nvme_alloc_host_mem function can exit its allocation loop early when a memory allocation fails, so fewer descriptors end up in use than the table was sized for. As a result, an incorrect memory size can be passed to the dma_free_coherent function. Although the issue was not prevalent in typical scenarios because descriptor counts are low, it potentially poses a risk in high-demand environments where accurate memory management is crucial.
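The size mismatch described above can be reproduced in a small userspace model. This is an added example, not kernel code and not the upstream patch; every name in it is hypothetical, and the chunk allocation failure is simulated with a fail_at index. It shows how deriving the free size from the descriptors in use diverges from the size recorded at allocation, which is the value a free routine needs.

```c
/* Userspace model, constructed for illustration; not kernel code.
 * Every name below is hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct hmb_desc { unsigned long long addr; unsigned int size, rsvd; };

struct hmb_table {
    struct hmb_desc *descs;
    size_t alloc_bytes;    /* size requested when the table was allocated */
    unsigned int nr_used;  /* descriptors filled before the loop stopped */
};

/* Size the table for max_descs, then fill entries until a simulated
 * chunk allocation failure at index fail_at (>= max_descs: no failure). */
static int hmb_table_alloc(struct hmb_table *t, unsigned int max_descs,
                           unsigned int fail_at)
{
    unsigned int i;
    t->alloc_bytes = (size_t)max_descs * sizeof(*t->descs);
    t->descs = calloc(max_descs, sizeof(*t->descs));
    if (!t->descs)
        return -1;
    for (i = 0; i < max_descs && i != fail_at; i++)
        t->descs[i].size = 1;          /* stand-in for one mapped chunk */
    t->nr_used = i;
    return 0;
}

/* Bytes by which a free size derived from the descriptors in use
 * undershoots the recorded allocation size; 0 means the two agree. */
static size_t free_size_gap(unsigned int max_descs, unsigned int fail_at)
{
    struct hmb_table t;
    size_t used_bytes, gap;
    if (hmb_table_alloc(&t, max_descs, fail_at))
        return (size_t)-1;
    used_bytes = (size_t)t.nr_used * sizeof(*t.descs); /* flawed source */
    gap = t.alloc_bytes - used_bytes;  /* alloc_bytes is the correct size */
    free(t.descs);
    return gap;
}

int main(void)
{
    printf("gap: early exit %zu bytes, full fill %zu bytes\n",
           free_size_gap(8, 3), free_size_gap(8, 8));
    return 0;
}
```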

Affected Version(s)

Linux 87ad72a59a38d1df217cfd95bc222a2edfe5d399

Linux 87ad72a59a38d1df217cfd95bc222a2edfe5d399 < 452f9ddd12bebc04cef741e8ba3806bf0e1fd015

Linux 87ad72a59a38d1df217cfd95bc222a2edfe5d399 < 869cf50b9c9d1059f5223f79ef68fc0bc6210095

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
