
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-44949 affects the Linux kernel's parisc architecture implementation. The vulnerability is caused by an incorrect DMA alignment configuration: ARCH_DMA_MINALIGN was defined as 16 bytes, which is too small. It was disclosed on September 4, 2024, and affects Linux kernel versions up to 6.6.46 and versions from 6.7 up to 6.10.5 (NVD).
The vulnerability stems from the possibility of two unrelated 16-byte allocations sharing a cache line. When one allocation is written using DMA and the other using a cached write, the value written with DMA may become corrupted. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).
The vulnerability can lead to DMA corruption in affected systems using the parisc architecture. When exploited, it could result in data corruption when DMA operations are performed, potentially affecting system stability and data integrity (Kernel Patch).
The vulnerability has been fixed by changing ARCH_DMA_MINALIGN to 128 on PA20 and 32 on PA1.1, which represents the largest possible cache line size. Additionally, the fix introduces dynamic tuning of slab cache parameters based on detected cache line size through the implementation of arch_slab_minalign(), cache_line_size(), and dma_get_cache_alignment() functions (Kernel Patch).
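The cache-line sharing described above, and the effect of raising the minimum alignment, can be reproduced in a small user-space model. This C program is an added example, not code from the kernel patch; the simplified write-back cache model, the name dma_data_survives, and the fill patterns are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAM_SIZE 512
#define OBJ_SIZE 16   /* the two unrelated 16-byte allocations */

/* Round n up to a multiple of a (a must be a power of two). */
static size_t align_up(size_t n, size_t a) { return (n + a - 1) & ~(a - 1); }

/*
 * Simplified write-back cache model (constructed for illustration).
 * Returns 1 if the DMA data in allocation B survives, 0 if it is corrupted.
 */
int dma_data_survives(size_t minalign, size_t line)
{
    uint8_t ram[RAM_SIZE] = {0};
    uint8_t cached[RAM_SIZE];                    /* holds one cached line */
    uint8_t expect[OBJ_SIZE];
    size_t a = 0;                                /* allocation A */
    size_t b = align_up(a + OBJ_SIZE, minalign); /* allocation B, next slot */
    size_t line_a = a & ~(line - 1);             /* start of A's cache line */

    /* 1. CPU cached write to A: the whole line is fetched and dirtied. */
    memcpy(cached, ram + line_a, line);
    memset(cached + (a - line_a), 0xAA, OBJ_SIZE);

    /* 2. Device DMA writes B directly to RAM, bypassing the cache. */
    memset(ram + b, 0xD0, OBJ_SIZE);

    /* 3. The dirty line is written back, covering every byte it spans. */
    memcpy(ram + line_a, cached, line);

    /* 4. B is intact only if it lies outside A's cache line. */
    memset(expect, 0xD0, OBJ_SIZE);
    return memcmp(ram + b, expect, OBJ_SIZE) == 0;
}

int main(void)
{
    /* {minalign, line}: old and fixed values for PA20 and PA1.1. */
    static const size_t cases[][2] = { {16, 128}, {128, 128}, {16, 32}, {32, 32} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("minalign=%3zu line=%3zu -> DMA data %s\n", cases[i][0], cases[i][1],
               dma_data_survives(cases[i][0], cases[i][1]) ? "intact" : "CORRUPTED");
    return 0;
}
```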
Source: This report was generated using AI