What is CVE-2024-53058?

CVE-2024-53058 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, affecting Linux kernel versions from 4.7 onward and patched in 5.15.171, 6.1.116, 6.6.60 and others. CVE-2024-53058 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-53058?

CVE-2024-53058 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-53058?

Yes, CVE-2024-53058 has been patched. Fixed versions include 5.15.171, 6.1.116, 6.6.60 and others. If you are running Linux kernel 4.7 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2024-53058 actively exploited?

CVE-2024-53058 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-53058

Medium

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data of a SKB carries protocol header and protocol payload to be transmitted on a certain platform that the DMA AXI address width is configured to 40-bit/48-bit, or the size of the non-paged data is bigger than TSO_MAX_BUFF_SIZE on a certain platform that the DMA AXI address width is configured to 32-bit, then this SKB requires at least two DMA transmit descriptors to serve it. For example, three descriptors are allocated to split one DMA buffer mapped from one piece of non-paged data: dma_desc[N + 0], dma_desc[N + 1], dma_desc[N + 2]. Then three elements of tx_q->tx_skbuff_dma[] will be allocated to hold extra information to be reused in stmmac_tx_clean(): tx_q->tx_skbuff_dma[N + 0], tx_q->tx_skbuff_dma[N + 1], tx_q->tx_skbuff_dma[N + 2]. Now we focus on tx_q->tx_skbuff_dma[entry].buf, which is the DMA buffer address returned by DMA mapping call. stmmac_tx_clean() will try to unmap the DMA buffer _ONLY_IF_ tx_q->tx_skbuff_dma[entry].buf is a valid buffer address. The expected behavior that saves DMA buffer address of this non-paged data to tx_q->tx_skbuff_dma[entry].buf is: tx_q->tx_skbuff_dma[N + 0].buf = NULL; tx_q->tx_skbuff_dma[N + 1].buf = NULL; tx_q->tx_skbuff_dma[N + 2].buf = dma_map_single(); Unfortunately, the current code misbehaves like this: tx_q->tx_skbuff_dma[N + 0].buf = dma_map_single(); tx_q->tx_skbuff_dma[N + 1].buf = NULL; tx_q->tx_skbuff_dma[N + 2].buf = NULL; On the stmmac_tx_clean() side, when dma_desc[N + 0] is closed by the DMA engine, tx_q->tx_skbuff_dma[N + 0].buf is a valid buffer address obviously, then the DMA buffer will be unmapped immediately. There may be a rare case that the DMA engine does not finish the pending dma_desc[N + 1], dma_desc[N + 2] yet. Now things will go horribly wrong, DMA is going to access a unmapped/unreferenced memory region, corrupted data will be transmited or iommu fault will be triggered :( In contrast, the for-loop that maps SKB fragments behaves perfectly as expected, and that is how the driver should do for both non-paged data and paged frags actually. This patch corrects DMA map/unmap sequences by fixing the array index for tx_q->tx_skbuff_dma[entry].buf when assigning DMA buffer address. Tested and verified on DWXGMAC CORE 3.20a

Package Linux Kernel

Published 2024-11-19

Last modified 2025-11-03

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions

Linux kernel versions 4.7 and later are affected. Fixed in 5.15.171, 6.1.116, 6.6.60, 6.11.7, 6.12 and their respective stable series.

Affected from

≥ 4.7

Fixed in

✓ 5.15.171 5.15.x ✓ 6.1.116 6.1.x ✓ 6.6.60 6.6.x ✓ 6.11.7 6.11.x ✓ 6.12

References

The following references provide additional information about CVE-2024-53058 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Kernel patch commit
https://git.kernel.org/stable/c/07c9c26e37542486e34d767505e842f48f29c3f6
Patch
Kernel patch commit
https://git.kernel.org/stable/c/58d23d835eb498336716cca55b5714191a309286
Patch
Kernel patch commit
https://git.kernel.org/stable/c/66600fac7a984dea4ae095411f644770b2561ede
Patch

5 patch commits total View all on NVD

Details

CVE ID CVE-2024-53058

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-11-19

Modified 2025-11-03

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2024-53058?

CVE-2024-53058 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 4.7 onward and has been patched in 5.15.171, 6.1.116, 6.6.60 and others. CVE-2024-53058 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-53058?

CVE-2024-53058 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-53058?

Yes — CVE-2024-53058 has been patched. Fixed versions include 5.15.171, 6.1.116, 6.6.60 and others. If you are running Linux kernel 4.7 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2024-53058 actively exploited?

No — CVE-2024-53058 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.