SB2024090575 - Improper neutralization of directives in statically saved code (\'static code injection\') in Linux kernel parisc
Published: September 5, 2024 Updated: May 12, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
CWE-ID: CWE-96 - Improper Neutralization of Directives in Statically Saved Code (\'Static Code Injection\')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that 2 unrelated 16-byte allocations share a cache line. If 1 of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that is the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f
- https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f
- https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.174
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.175
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.119
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.46