vulnerability
Ubuntu: (CVE-2024-27408): linux-raspi-realtime vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | May 17, 2024 | Feb 11, 2025 | May 22, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
May 17, 2024
Added
Feb 11, 2025
Modified
May 22, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup
The Linked list element and pointer are not stored in the same memory as
the eDMA controller register. If the doorbell register is toggled before
the full write of the linked list a race condition error will occur.
In remote setup we can only use a readl to the memory to assure the full
write has occurred.
Solution
ubuntu-upgrade-linux-raspi-realtime
References
- CVE-2024-27408
- https://attackerkb.com/topics/CVE-2024-27408
- URL-https://git.kernel.org/linus/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba
- URL-https://git.kernel.org/stable/c/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba
- URL-https://git.kernel.org/stable/c/d24fe6d5a1cfdddb7a9ef56736ec501c4d0a5fd3
- URL-https://git.kernel.org/stable/c/f396b4df27cfe01a99f4b41f584c49e56477be3a
- URL-https://www.cve.org/CVERecord?id=CVE-2024-27408
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.