PT-2024-10495 · Linux+7 · Linux Kernel+7

Joao Pinto

·

Published

2024-04-07

·

Updated

2026-03-14

·

CVE-2024-40970

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the dw-axi-dmac component in the Linux kernel, where an error in resource management can cause a kernel panic due to an overrun of the hw desc array. This occurs when the number of allocated hw descs exceeds the expected amount, such as in a scenario where nr buffers = 3 and each descriptor is composed of 3 segments, resulting in 9 descs allocated. To address this, a proposal has been made to add a new member to the axi dma desc structure to track the number of allocated hw descs and use this information in axi desc put() to handle the hw desc array correctly. Additionally, removing the axi chan start first queued() call after completing the transfer has been suggested, as it can cause unbalance and interrupt started descriptors.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
BDU:2025-01046
CVE-2024-40970
DLA-4008-1
DSA-5731-1
OESA-2024-2076
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2802-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7007-1
USN-7007-2
USN-7007-3
USN-7008-1
USN-7009-1
USN-7009-2
USN-7019-1
USN-7029-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu