Researchers have uncovered a significant vulnerability in the Linux kernel‘s dmam_free_coherent() function, designated as CVE-2024-43856. This flaw, rooted in a race condition, arises from an improper sequence of operations when managing Direct Memory Access (DMA) allocations. DMA is crucial for enabling hardware devices to transfer data directly to and from system memory, bypassing the CPU and improving performance. However, this vulnerability allows attackers to exploit the race condition to bypass CPU controls and write arbitrary data into system memory, potentially causing system instabilities, data corruption, or crashes.
The issue arises from the function’s flawed handling of DMA memory allocation and deallocation. When the dmam_free_coherent() function attempts to free DMA memory, it does so before destroying the tracking data structure used for the allocation. This misstep can lead to a situation where a concurrent task might allocate memory with the same virtual address, resulting in incorrect memory access. The faulty operation can trigger a race condition, where the function devres_destroy() may free the wrong entry, causing further instability.
To address this vulnerability, a patch has been introduced by Lance Richardson of Google, and committed by Greg Kroah-Hartman. The patch modifies the order of function calls in dmam_free_coherent() to ensure that the tracking data structure is destroyed before freeing the DMA memory. This adjustment prevents concurrent tasks from interfering with the cleanup process, thereby mitigating the risk of exploitation. The patch has undergone testing within Google’s internal network and has been approved for integration into the mainline Linux kernel.
The resolution of this issue highlights the ongoing efforts within the developer community to address and rectify potential bugs in critical system components. While the exploitability of this vulnerability requires specific conditions and additional weaknesses, the introduction of this patch marks a crucial step toward enhancing the security and reliability of the Linux operating system. As Linux continues to power a wide range of devices, patches like this play a vital role in maintaining robust system stability and security.
Reference:
