CVE Vulnerability Details :
CVE-2024-56756
PUBLISHED
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 29 Dec, 2024 | 11:30
Updated At: 03 Nov, 2025 | 20:53
▼CVE Numbering Authority (CNA)
nvme-pci: fix freeing of the HMB descriptor table

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: fix freeing of the HMB descriptor table

The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but __nvme_alloc_host_mem could break out of the loop earlier on memory allocation failure and end up using fewer descriptors than planned for, which leads to an incorrect size passed to dma_free_coherent.

In practice this was not showing up because the number of descriptors tends to be low and the dma coherent allocator always allocates and frees at least a page.

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/nvme/host/pci.c
Default Status
unaffected
Versions
Affected
  • From 87ad72a59a38d1df217cfd95bc222a2edfe5d399 before ac22240540e0c5230d8c4138e3778420b712716a (git)
  • From 87ad72a59a38d1df217cfd95bc222a2edfe5d399 before 452f9ddd12bebc04cef741e8ba3806bf0e1fd015 (git)
  • From 87ad72a59a38d1df217cfd95bc222a2edfe5d399 before 869cf50b9c9d1059f5223f79ef68fc0bc6210095 (git)
  • From 87ad72a59a38d1df217cfd95bc222a2edfe5d399 before fb96d5cfa97a7363245b3dd523f475b04296d87b (git)
  • From 87ad72a59a38d1df217cfd95bc222a2edfe5d399 before cee3bff51a35cab1c5d842d409a7b11caefe2386 (git)
  • From 87ad72a59a38d1df217cfd95bc222a2edfe5d399 before 6d0f599db73b099aa724a12736369c4d4d92849d (git)
  • From 87ad72a59a38d1df217cfd95bc222a2edfe5d399 before 582d9ed999b004fb1d415ecbfa86d4d8df455269 (git)
  • From 87ad72a59a38d1df217cfd95bc222a2edfe5d399 before 3c2fb1ca8086eb139b2a551358137525ae8e0d7a (git)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/nvme/host/pci.c
Default Status
affected
Versions
Affected
  • 4.13
Unaffected
  • From 0 before 4.13 (semver)
  • From 5.4.287 through 5.4.* (semver)
  • From 5.10.231 through 5.10.* (semver)
  • From 5.15.174 through 5.15.* (semver)
  • From 6.1.120 through 6.1.* (semver)
  • From 6.6.64 through 6.6.* (semver)
  • From 6.11.11 through 6.11.* (semver)
  • From 6.12.2 through 6.12.* (semver)
  • From 6.13 through * (original_commit_for_fix)
References
  • https://git.kernel.org/stable/c/ac22240540e0c5230d8c4138e3778420b712716a
  • https://git.kernel.org/stable/c/452f9ddd12bebc04cef741e8ba3806bf0e1fd015
  • https://git.kernel.org/stable/c/869cf50b9c9d1059f5223f79ef68fc0bc6210095
  • https://git.kernel.org/stable/c/fb96d5cfa97a7363245b3dd523f475b04296d87b
  • https://git.kernel.org/stable/c/cee3bff51a35cab1c5d842d409a7b11caefe2386
  • https://git.kernel.org/stable/c/6d0f599db73b099aa724a12736369c4d4d92849d
  • https://git.kernel.org/stable/c/582d9ed999b004fb1d415ecbfa86d4d8df455269
  • https://git.kernel.org/stable/c/3c2fb1ca8086eb139b2a551358137525ae8e0d7a
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Problem Types
Type: CWE
CWE ID: CWE-noinfo
Description: CWE-noinfo Not enough information
Metrics
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2. CVE Program Container
References
  • https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html