FKIE_CVE-2024-53127

Vulnerability from fkie_nvd - Published: 2024-12-04 15:15 - Updated: 2025-11-03 23:17
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K") increased the max_req_size, even for 4K pages, causing various issues: - Panic booting the kernel/rootfs from an SD card on Rockchip RK3566 - Panic booting the kernel/rootfs from an SD card on StarFive JH7100 - "swiotlb buffer is full" and data corruption on StarFive JH7110 At this stage no fix have been found, so it's probably better to just revert the change. This reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/00bff71745bc3583bd5ca59be91e0ee1d27f1944Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1635e407a4a64d08a8517ac59ca14ad4fc785e75Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/47693ba35bccaa16efa465159a1c12d78258349e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/56de724c58c07a7ca3aac027cfd2ccb184ed9e4ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8f9416147d7ed414109d3501f1cb3d7a1735b25aPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/938c13740f8b555986e53c0fcbaf00dcd1fabd4c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a4685366f07448420badb710ff5c12aaaadf63adPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f701eb601470bfc0a551913ce5f6ebaa770f0ce0
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3FCD7A0-ABE5-49E8-A47C-F0169215C4B7",
              "versionEndExcluding": "4.20",
              "versionStartIncluding": "4.19.322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CBF5FEE-FA65-4175-A79C-A4BC95F455FA",
              "versionEndExcluding": "6.1.119",
              "versionStartIncluding": "6.1.110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D69377-4D8D-42CE-8449-8C96D02515A9",
              "versionEndExcluding": "6.6.63",
              "versionStartIncluding": "6.6.51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D04DE94B-7655-4F33-96C5-47B09FF8D844",
              "versionEndExcluding": "6.11.10",
              "versionStartIncluding": "6.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K\"\n\nThe commit 8396c793ffdf (\"mmc: dw_mmc: Fix IDMAC operation with pages\nbigger than 4K\") increased the max_req_size, even for 4K pages, causing\nvarious issues:\n- Panic booting the kernel/rootfs from an SD card on Rockchip RK3566\n- Panic booting the kernel/rootfs from an SD card on StarFive JH7100\n- \"swiotlb buffer is full\" and data corruption on StarFive JH7110\n\nAt this stage no fix have been found, so it\u0027s probably better to just\nrevert the change.\n\nThis reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \"mmc: dw_mmc: Fix IDMAC operaci\u00f3n con p\u00e1ginas mayores a 4K\" el commit 8396c793ffdf (\"mmc: dw_mmc: Fix IDMAC operaci\u00f3n con p\u00e1ginas mayores a 4K\") aument\u00f3 el max_req_size, incluso para p\u00e1ginas de 4K, causando varios problemas: - Arranque de p\u00e1nico del kernel/rootfs desde una tarjeta SD en Rockchip RK3566 - Arranque de p\u00e1nico del kernel/rootfs desde una tarjeta SD en StarFive JH7100 - \"El b\u00fafer swiotlb est\u00e1 lleno\" y corrupci\u00f3n de datos en StarFive JH7110 En esta etapa no se ha encontrado ninguna soluci\u00f3n, por lo que probablemente sea mejor simplemente revertir el cambio. Esto revierte el commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890."
    }
  ],
  "id": "CVE-2024-53127",
  "lastModified": "2025-11-03T23:17:22.273",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-12-04T15:15:12.637",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/00bff71745bc3583bd5ca59be91e0ee1d27f1944"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1635e407a4a64d08a8517ac59ca14ad4fc785e75"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/47693ba35bccaa16efa465159a1c12d78258349e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/56de724c58c07a7ca3aac027cfd2ccb184ed9e4e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8f9416147d7ed414109d3501f1cb3d7a1735b25a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/938c13740f8b555986e53c0fcbaf00dcd1fabd4c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a4685366f07448420badb710ff5c12aaaadf63ad"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f701eb601470bfc0a551913ce5f6ebaa770f0ce0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.