CVE-2024-40991: 
Linux Debian vulnerability analysis and mitigation

In the Linux kernel, a vulnerability was discovered in the DMA engine subsystem, specifically in the TI K3 UDMA glue code. The issue involves the ofk3udmaglueparsechnbyid() helper function incorrectly invoking 'ofnodeput()' on the 'udmaxnp' device-node without first incrementing its reference count. This vulnerability was assigned CVE-2024-40991 and was disclosed on July 12, 2024 (NVD).

The vulnerability exists in the drivers/dma/ti/k3-udma-glue.c file where the ofk3udmaglueparsechnbyid() function erroneously releases a device node reference that it never acquired. The bug was introduced in commit 81a1f90f20af ('dmaengine: ti: k3-udma-glue: Add function to parse channel by ID'). The fix removes the incorrect ofnode_put() call and simplifies the error handling path (Kernel Commit).

The improper reference counting could lead to undefined behavior in the kernel's device tree handling. In rare cases, if no NULL-terminator is found in memory, the system might crash because the string iterator could overrun and lead to access of unmapped memory above the stack (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that removes the incorrect ofnodeput() call. Users should update to a kernel version containing the fix. The patch has been merged into the stable kernel tree (Kernel Commit).