CVE-2024-43856
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-43856 is a vulnerability affecting the Linux kernel where a concurrency issue was identified in the dmam_free_coherent function. Before freeing a DMA allocation, the function destroys the devres entry associated with it. However, if a concurrent task makes an allocation with the same vaddr and adds it to the devres list, the devres_destroy() call can free the wrong entry, leading to inappropriate resource management. This issue has been resolved by destroying the devres entry before freeing the DMA allocation. This vulnerability was reported by Kokonut under the net/encryption tree in the Linux kernel source code.
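The race in the summary above, modeled deterministically as an added example (not kernel code and not from the original page): a toy devres list matched by vaddr, with the concurrent allocation injected between the two steps of the release path. It contrasts the fixed ordering the summary gives (devres entry destroyed before the DMA free) with the reverse ordering. All names, the two-slot allocator and the newest-first search are assumptions of the model.

```c
#include <stdio.h>
enum { TASK_A = 1, TASK_B = 2, SLOTS = 2 };
struct devres { unsigned long vaddr; int owner; };
static struct devres list[4];       /* toy devres list, oldest entry first */
static int count, in_use[SLOTS];    /* toy allocator: slot i is vaddr 0x1000 * (i + 1) */

/* Allocate the lowest free vaddr and track it in the devres list. */
static unsigned long dma_alloc(int owner) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) {
            in_use[i] = 1;
            list[count++] = (struct devres){ 0x1000UL * (i + 1), owner };
            return 0x1000UL * (i + 1);
        }
    return 0;
}
static void dma_free(unsigned long vaddr) { in_use[vaddr / 0x1000 - 1] = 0; }

/* Remove the newest entry matching on vaddr alone (search order is a model assumption). */
static int devres_destroy(unsigned long vaddr) {
    for (int i = count - 1; i >= 0; i--)
        if (list[i].vaddr == vaddr) {
            int owner = list[i].owner;
            for (int j = i; j < count - 1; j++) list[j] = list[j + 1];
            count--;
            return owner;           /* whose tracking entry was destroyed */
        }
    return 0;
}

/* Task A releases its buffer while task B allocates between A's two steps. */
static int release_with_race(int destroy_first) {
    count = 0; in_use[0] = in_use[1] = 0;
    unsigned long a = dma_alloc(TASK_A);
    if (destroy_first) {            /* ordering of the fix */
        int d = devres_destroy(a);
        dma_alloc(TASK_B);          /* a is still allocated, so B gets another vaddr */
        dma_free(a);
        return d;
    }
    dma_free(a);                    /* reverse ordering: vaddr is reusable too early */
    dma_alloc(TASK_B);              /* B reuses a: two entries now share one vaddr */
    return devres_destroy(a);
}

int main(void) {
    printf("free first:    destroyed task %d's entry\n", release_with_race(0));
    printf("destroy first: destroyed task %d's entry\n", release_with_race(1));
    return 0;
}
```

In the free-first run, task A's stale entry stays on the list while task B's live buffer loses its tracking entry, which is the mismatch the fix removes.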