CVE-2024-56756: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56756 is a vulnerability in the Linux kernel's NVMe-PCI driver, specifically related to the Host Memory Buffer (HMB) descriptor table handling. The vulnerability was discovered and disclosed on December 29, 2024. It affects multiple versions of the Linux kernel, from version 4.13 up to versions before 5.4.287, 5.10.231, 5.15.174, 6.1.120, 6.6.64, 6.11.11, and 6.12.2 (NVD).

The vulnerability stems from an incorrect size calculation when freeing the HMB descriptor table. The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but the __nvme_alloc_host_mem function could break out of the loop earlier on memory allocation failure. This results in using fewer descriptors than planned for, leading to an incorrect size being passed to dma_free_coherent. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

While the vulnerability's practical impact has been limited due to the number of descriptors typically being low and the DMA coherent allocator always allocating and freeing at least a page, it could potentially lead to memory handling issues in affected systems. The CVSS scoring indicates that while the vulnerability requires local access and low privileges, it could potentially result in high availability impact to the system (NVD).

The vulnerability has been fixed in various Linux kernel versions through patches that correctly track and handle the HMB descriptor table size. The fix involves adding a new host_mem_descs_size field to store the allocated size and using it consistently in memory management operations. Updates are available for affected versions, and users are advised to upgrade to the patched versions (Ubuntu).