CVE-2024-27408

low-risk

Published 2024-05-17

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory as the eDMA controller register. If the doorbell register is toggled before the full write of the linked list a race condition error will occur. In remote setup we can only use a readl to the memory to assure the full write has occurred.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

LOCAL / HIGH complexity

Affected Products (7)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba

Patch https://git.kernel.org/stable/c/d24fe6d5a1cfdddb7a9ef56736ec501c4d0a5fd3

Patch https://git.kernel.org/stable/c/f396b4df27cfe01a99f4b41f584c49e56477be3a

Patch https://git.kernel.org/stable/c/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba

Patch https://git.kernel.org/stable/c/d24fe6d5a1cfdddb7a9ef56736ec501c4d0a5fd3

Patch https://git.kernel.org/stable/c/f396b4df27cfe01a99f4b41f584c49e56477be3a

/ 100

low-risk

Severity 12/34 · Low

Exploitability 0/34 · Minimal

Exposure 14/34 · Moderate