CVE-2024-53127

Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"

The commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operation with pages
bigger than 4K") increased the max_req_size, even for 4K pages, causing
various issues:
- Panic booting the kernel/rootfs from an SD card on Rockchip RK3566
- Panic booting the kernel/rootfs from an SD card on StarFive JH7100
- "swiotlb buffer is full" and data corruption on StarFive JH7110

At this stage no fix have been found, so it's probably better to just
revert the change.

This reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir "mmc: dw_mmc: Fix IDMAC operación con páginas mayores a 4K" el commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operación con páginas mayores a 4K") aumentó el max_req_size, incluso para páginas de 4K, causando varios problemas: - Arranque de pánico del kernel/rootfs desde una tarjeta SD en Rockchip RK3566 - Arranque de pánico del kernel/rootfs desde una tarjeta SD en StarFive JH7100 - "El búfer swiotlb está lleno" y corrupción de datos en StarFive JH7110 En esta etapa no se ha encontrado ninguna solución, por lo que probablemente sea mejor simplemente revertir el cambio. Esto revierte el commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-12-04 CVE Published
2024-12-17 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (16)

URL	Tag	Source
https://git.kernel.org/stable/c/32bd402f6760d57127d58a9888553b2db574bba6	Vuln. Introduced
https://git.kernel.org/stable/c/b9ee16a20d9976686185d7e59cd006c328b6a1e0	Vuln. Introduced
https://git.kernel.org/stable/c/2793f423893579b35dc1fc24dd7c1ce58fa0345a	Vuln. Introduced
https://git.kernel.org/stable/c/9d715a234dd8f01af970b78ae2144a2fd3ead21c	Vuln. Introduced
https://git.kernel.org/stable/c/373f8f5b087f010dddae3306a79c6fdd5c2f8953	Vuln. Introduced
https://git.kernel.org/stable/c/5b4bf3948875064a9adcda4b52b59e0520a8c576	Vuln. Introduced
https://git.kernel.org/stable/c/8396c793ffdf28bb8aee7cfe0891080f8cab7890	Vuln. Introduced
https://git.kernel.org/stable/c/5b1ef10f7d49f3320b0faa894204259e590ce588	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/00bff71745bc3583bd5ca59be91e0ee1d27f1944	2024-12-05
https://git.kernel.org/stable/c/47693ba35bccaa16efa465159a1c12d78258349e	2024-12-14
https://git.kernel.org/stable/c/938c13740f8b555986e53c0fcbaf00dcd1fabd4c	2024-12-14
https://git.kernel.org/stable/c/f701eb601470bfc0a551913ce5f6ebaa770f0ce0	2024-12-14
https://git.kernel.org/stable/c/8f9416147d7ed414109d3501f1cb3d7a1735b25a	2024-11-22
https://git.kernel.org/stable/c/56de724c58c07a7ca3aac027cfd2ccb184ed9e4e	2024-11-22
https://git.kernel.org/stable/c/a4685366f07448420badb710ff5c12aaaadf63ad	2024-11-22
https://git.kernel.org/stable/c/1635e407a4a64d08a8517ac59ca14ad4fc785e75	2024-11-12

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.322 < 4.19.325 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.322 < 4.19.325"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.284 < 5.4.287 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.284 < 5.4.287"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.226 < 5.10.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.226 < 5.10.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.167 < 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.167 < 5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.110 < 6.1.119 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.110 < 6.1.119"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.51 < 6.6.63 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.51 < 6.6.63"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.11.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.11.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.10.10 Search vendor "Linux" for product "Linux Kernel" and version "6.10.10"		en		Affected