CVE-2024-44984: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's bnxt_en driver has been identified and assigned CVE-2024-44984. The issue involves a double DMA unmapping for XDP_REDIRECT in the driver's code path, which should have been removed when page pool handling was implemented for DMA mapping. This vulnerability affects Linux kernel versions from 6.6 up to 6.6.48, from 6.7 up to 6.10.7, and version 6.11 release candidates (rc1-rc4) (NVD).

The vulnerability stems from an unnecessary dma_unmap_page_attrs() call in the bnxt_en driver's XDP_REDIRECT code path. This redundant call causes a kernel warning due to attempting to unmap DMA memory that has already been unmapped. The issue was introduced when the page pool was implemented to handle DMA mapping, but the old unmapping code wasn't removed. The bug triggers a warning in the iommu_dma_unmap_page function, as evidenced by kernel logs showing the warning at drivers/iommu/dma-iommu.c:1198 (Kernel Patch). The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can trigger a kernel warning and potentially cause a denial of service condition on affected systems. The issue specifically affects systems using the bnxt_en network driver with XDP (eXpress Data Path) functionality (Red Hat).

The issue has been fixed in the Linux kernel through a patch that removes the redundant dma_unmap_page_attrs() call. Users should update to patched kernel versions: 6.6.48 or later for the 6.6 series, 6.10.7 or later for the 6.7-6.10 series (NVD).