Thierry Reding

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** The issue is related to the TSO DMA API usage in the Linux kernel, specifically in the `stmmac` driver. The problem arises when the assignment of `tx skbuff dma[]` members is moved later in `stmmac tso xmit()`, causing the DMA cookie passed to `dma unmap single()` to be different from the value returned by `dma map single()`. This results in errors such as "Tx DMA map failed" and "device driver tries to free DMA memory it has not allocated". The issue is resolved by maintaining the original DMA cookie and using `tso des` to pass the offset DMA cookie to `stmmac tso allocator()`. **Recommendations** For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the `stmmac` driver or restricting its use until a patch is available. Avoid using the `dma unmap single()` function with the affected `stmmac` driver until the issue is resolved.