CVE-2024-56767: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset

AI Predicted 5.5 · Difficulty: Moderate · EPSS 0.01% · P3

Affected Version Matrix 16

| Vendor | Product | Version Range | Status |
| --- | --- | --- | --- |
| Linux | Linux | b206d9a23ac71cb905f5fb6e0cd813406f89b678 < 3d229600c54e9e0909080ecaf1aab0642aefa5f0 | affected |
| Linux | Linux | b206d9a23ac71cb905f5fb6e0cd813406f89b678 < ed1a8aaa344522c0c349ac9042db27ad130ef913 | affected |
| Linux | Linux | b206d9a23ac71cb905f5fb6e0cd813406f89b678 < 8d364597de9ce2a5f52714224bfe6c2e7a29b303 | affected |
| Linux | Linux | b206d9a23ac71cb905f5fb6e0cd813406f89b678 < fdba6d5e455388377ec7e82a5913ddfcc7edd93b | affected |
| Linux | Linux | b206d9a23ac71cb905f5fb6e0cd813406f89b678 < e658f1c133b854b2ae799147301d82dddb8f3162 | affected |
| Linux | Linux | b206d9a23ac71cb905f5fb6e0cd813406f89b678 < 54376d8d26596f98ed7432a788314bb9154bf3e3 | affected |
| Linux | Linux | b206d9a23ac71cb905f5fb6e0cd813406f89b678 < c43ec96e8d34399bd9dab2f2dc316b904892133f | affected |
| Linux | Linux | 4.2 | affected |
… +8 more rows

I. Basic Information for CVE-2024-56767

Vulnerability Information


Vulnerability Title
dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset. The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is erroneous, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add a check to avoid this.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
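The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel contains a security vulnerability in the at_xdmac driver of the dmaengine module: the at_xdmac_memset_create_desc function may return NULL, for example when the len input value is wrong or when atchan->free_descs_list is empty and memory is exhausted. Without a check, this leads to a null pointer dereference that affects the normal operation of DMA.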
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
| --- | --- | --- | --- |
| Linux | Linux | b206d9a23ac71cb905f5fb6e0cd813406f89b678 ~ 3d229600c54e9e0909080ecaf1aab0642aefa5f0 | - |
| Linux | Linux | 4.2 | - |

II. Public POCs for CVE-2024-56767

No public POC found.

III. Intelligence Information for CVE-2024-56767


Patches & Fixes for CVE-2024-56767 (7)

Same Patch Batch · Linux · 2025-01-06 · 12 CVEs total

CVE-2024-56757: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio()
CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled
CVE-2024-56760: PCI/MSI: Handle lack of irqdomain gracefully
CVE-2024-56761: x86/fred: Clear WFE in missing-ENDBRANCH #CPs
CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write
CVE-2024-56764: ublk: detach gendisk from ublk device if add_disk() fails
CVE-2024-56765: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
CVE-2024-56766: mtd: rawnand: fix double free in atmel_pmecc_create_user()
CVE-2024-56768: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP
CVE-2024-56769: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
