{"id":"CVE-2024-56719","summary":"net: stmmac: fix TSO DMA API usage causing oops","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]'s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n  dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n  DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/","modified":"2026-04-02T12:25:10.315196Z","published":"2024-12-29T08:48:51.495Z","related":["MGASA-2025-0030","MGASA-2025-0032","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:1177-1","SUSE-SU-2025:1178-1","SUSE-SU-2025:1180-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1","USN-7379-2","USN-7380-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56719.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4c49f38e20a57f8abaebdf95b369295b153d1f8e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6abcdc9a73274052a9e96a1926994ecf9aedad82"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9d5dd7ccea1b46a9a7c6b3c2b9e5ed8864e185e2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/db3667c9bbfbbf5de98e6c9542f7e03fb5243286"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56719.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56719"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a3ff23f7c3f0e13f718900803e090fd3997d6bc9"},{"fixed":"6abcdc9a73274052a9e96a1926994ecf9aedad82"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"07c9c26e37542486e34d767505e842f48f29c3f6"},{"fixed":"db3667c9bbfbbf5de98e6c9542f7e03fb5243286"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"66600fac7a984dea4ae095411f644770b2561ede"},{"fixed":"9d5dd7ccea1b46a9a7c6b3c2b9e5ed8864e185e2"},{"fixed":"4c49f38e20a57f8abaebdf95b369295b153d1f8e"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"ece593fc9c00741b682869d3f3dc584d37b7c9df"},{"last_affected":"58d23d835eb498336716cca55b5714191a309286"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56719.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}