CVE-2024-50295 in Linux
Summary
by MITRE • 11/19/2024
In the Linux kernel, the following vulnerability has been resolved:
net: arc: fix the device for dma_map_single/dma_unmap_single
The ndev->dev and pdev->dev aren't the same device, use ndev->dev.parent which has dma_mask, ndev->dev.parent is just pdev->dev. Or it would cause the following issue:
[ 39.933526] ------------[ cut here ]------------
[ 39.938414] WARNING: CPU: 1 PID: 501 at kernel/dma/mapping.c:149 dma_map_page_attrs+0x90/0x1f8
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 10/08/2025
The vulnerability CVE-2024-50295 affects the Linux kernel's networking subsystem, specifically within the arc network driver implementation. This issue stems from improper handling of DMA mapping operations that are critical for memory management in network device operations. The flaw manifests when the network device driver attempts to map and unmap single DMA pages using the dma_map_single and dma_unmap_single functions, which are fundamental components of the kernel's DMA subsystem.
The technical root cause of this vulnerability lies in the incorrect device reference being used during DMA mapping operations. The kernel code incorrectly uses ndev->dev instead of ndev->dev.parent when performing DMA operations, creating a mismatch between the device context and the actual device that possesses the required DMA capabilities. This misconfiguration occurs because ndev->dev and pdev->dev represent different device objects within the kernel's device hierarchy, where ndev->dev represents the network device while pdev->dev represents the platform device. The proper device context for DMA operations must reference ndev->dev.parent which contains the valid dma_mask information necessary for proper DMA mapping.
When the kernel attempts to perform DMA mapping operations with the incorrect device reference, it triggers a kernel warning in the DMA mapping subsystem at kernel/dma/mapping.c:149 in the dma_map_page_attrs function. This failure results in a kernel panic or system instability, as the DMA subsystem cannot properly validate the DMA mapping parameters. The warning message indicates that the kernel has detected an invalid operation during DMA page mapping, which can lead to memory corruption or system crashes. This vulnerability directly impacts the reliability and stability of systems running affected Linux kernel versions, particularly those utilizing ARC network drivers.
The operational impact of this vulnerability extends beyond simple system instability to potentially compromise system security and availability. When the DMA mapping fails, network operations may become unreliable or completely fail, leading to denial of service conditions. The vulnerability affects systems where ARC network devices are present and actively used, potentially impacting embedded systems, network appliances, and servers that rely on this specific network driver implementation. According to CWE classification, this represents a weakness in the device driver's memory management practices, specifically CWE-457: Use of Uninitialized Variable, and CWE-754: Improper Check for Unusual or Exceptional Conditions.
Mitigation strategies for CVE-2024-50295 involve applying the official kernel patch that corrects the device reference in the DMA mapping operations. The fix ensures that the ndev->dev.parent is used instead of ndev->dev when performing DMA operations, aligning with the kernel's device hierarchy and proper DMA capability handling. System administrators should prioritize applying this patch to all affected systems, particularly those running network services that depend on ARC network drivers. Additionally, organizations should implement monitoring for kernel warning messages related to DMA mapping failures and consider implementing automated patch management systems to ensure timely remediation. The ATT&CK framework categorizes this vulnerability under T1486: Data Destruction, as the potential for system instability and denial of service could be exploited by adversaries to disrupt network services, and T1547: Persistent Threats, as the vulnerability could be leveraged to maintain persistent access through compromised network operations.