CVE-2024-56719

Medium

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: fix TSO DMA API usage causing oops

Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data") moved the assignment of tx_skbuff_dma[]'s members to be later in stmmac_tso_xmit(). The buf (dma cookie) and len stored in this structure are passed to dma_unmap_single() by stmmac_tx_clean().

The DMA API requires that the dma cookie passed to dma_unmap_single() is the same as the value returned from dma_map_single(). However, by moving the assignment later, this is not the case when priv->dma_cap.addr64 > 32 as "des" is offset by proto_hdr_len.

This causes problems such as:

  dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed

and with DMA_API_DEBUG enabled:

  DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]

Fix this by maintaining "des" as the original DMA cookie, and use tso_des to pass the offset DMA cookie to stmmac_tso_allocator().

Full details of the crashes can be found at:
https://lore.kernel.org/all/[email protected]/
https://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/
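The map/unmap invariant described above, as a user-space model added here for illustration (it is not kernel code and not taken from the stmmac driver). The `model_*` functions, `struct tx_slot`, `tso_roundtrip_ok()`, the `fixed` switch and the address and length values are constructed assumptions; only the names `des`, `tso_des`, `proto_hdr_len` and `addr64` come from the description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* User-space model, not kernel code. One live mapping stands in for the
 * table DMA_API_DEBUG keeps of cookies returned by dma_map_single(). */
typedef uint64_t dma_cookie;
static struct { dma_cookie cookie; size_t len; bool live; } live_map;

static dma_cookie model_map_single(dma_cookie bus_addr, size_t len)
{
    live_map.cookie = bus_addr; live_map.len = len; live_map.live = true;
    return bus_addr;
}

/* false models "device driver tries to free DMA memory it has not allocated" */
static bool model_unmap_single(dma_cookie cookie, size_t len)
{
    bool ok = live_map.live && live_map.cookie == cookie && live_map.len == len;
    if (ok) live_map.live = false;
    return ok;
}

struct tx_slot { dma_cookie buf; size_t len; }; /* models a tx_skbuff_dma[] entry */

/* Models the TSO transmit path; returns the address given to the allocator. */
static dma_cookie model_tso_xmit(struct tx_slot *slot, size_t headlen,
                                 size_t proto_hdr_len, unsigned addr64, bool fixed)
{
    dma_cookie des = model_map_single(0x10000040ULL /* constructed */, headlen);
    dma_cookie tso_des = (addr64 > 32) ? des + proto_hdr_len : des;
    if (!fixed)
        des = tso_des;      /* regression: the cookie itself carries the offset */
    slot->buf = des;        /* stored for the later unmap in the clean path */
    slot->len = headlen;
    return tso_des;
}

/* Maps, then unmaps with the stored values; true if the pair balances. */
bool tso_roundtrip_ok(unsigned addr64, bool fixed)
{
    struct tx_slot slot;
    model_tso_xmit(&slot, 120, 54, addr64, fixed);
    return model_unmap_single(slot.buf, slot.len);
}

int main(void)
{
    return (tso_roundtrip_ok(40, true) && !tso_roundtrip_ok(40, false)) ? 0 : 1;
}
```

In the model, the payload allocator receives the same offset address in both variants; only the value stored for the later unmap differs, which is why the mismatch appears solely when `addr64` is greater than 32.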

Package: Linux Kernel
Published: 2024-12-29
Last modified: 2026-06-01
CVSS version: 3.1
Patch available: Yes

CVSS 3.1 score

5.5 out of 10 (Medium)

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: High
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions

Linux kernel versions 5.15.171, 6.1.116, 6.6.60, 6.11.7, 6.12 and later are affected. Fixed in 5.15.209, 6.1.167, 6.6.68, 6.12.7, 6.13 and their respective stable series.

Affected from: ≥ 5.15.171, ≥ 6.1.116, ≥ 6.6.60, ≥ 6.11.7, ≥ 6.12
Fixed in: 5.15.209 (5.15.x), 6.1.167 (6.1.x), 6.6.68 (6.6.x), 6.12.7 (6.12.x), 6.13

References

The following references provide additional information about CVE-2024-56719 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2024-56719?

    CVE-2024-56719 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. It affects Linux kernel versions from 5.15.171 onward and has been patched in 5.15.209, 6.1.167, 6.6.68 and others. CVE-2024-56719 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2024-56719?

    CVE-2024-56719 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

  • Is there a patch available for CVE-2024-56719?

    Yes. CVE-2024-56719 has been patched. Fixed versions include 5.15.209, 6.1.167, 6.6.68 and others. If you are running an affected Linux kernel (5.15.171 or later, but older than the fixed version for your branch), apply the relevant patch for your kernel branch.

  • Is CVE-2024-56719 actively exploited?

    No — CVE-2024-56719 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.