
CVE-2024-27066: Vulnerability in Linux Linux

Medium
Published: Wed May 01 2024 (05/01/2024, 13:04:12 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

virtio: packed: fix unmap leak for indirect desc table

When use_dma_api and premapped are true, then the do_unmap is false.

Because the do_unmap is false, vring_unmap_extra_packed is not called by detach_buf_packed.

    if (unlikely(vq->do_unmap)) {
            curr = id;
            for (i = 0; i < state->num; i++) {
                    vring_unmap_extra_packed(vq, &vq->packed.desc_extra[curr]);
                    curr = vq->packed.desc_extra[curr].next;
            }
    }

So the indirect desc table is not unmapped. This causes the unmap leak.

So here, we check vq->use_dma_api instead. Synchronously, dma info is updated based on use_dma_api judgment.

This bug does not occur, because no driver uses the premapped with indirect.

AI-Powered Analysis

Last updated: 06/29/2025, 15:09:45 UTC

Technical Analysis

CVE-2024-27066 is a vulnerability identified in the Linux kernel's virtio subsystem, specifically related to the handling of indirect descriptor tables in the packed virtqueue implementation. Virtio is a virtualization standard for network and disk device drivers where the guest's device drivers communicate with the host. The vulnerability arises from an unmap leak caused by incorrect conditional logic in the unmapping process of indirect descriptor tables when both 'use_dma_api' and 'premapped' flags are true. The code incorrectly checks the 'do_unmap' flag to decide whether to unmap the indirect descriptor table, but in this scenario, 'do_unmap' remains false, preventing the call to 'vring_unmap_extra_packed' which is responsible for unmapping. Consequently, the indirect descriptor table is not unmapped, leading to a resource leak. The fix involves changing the condition to check 'use_dma_api' instead of 'do_unmap' and synchronously updating DMA information accordingly. However, the vulnerability is noted to be theoretical because no current drivers use the 'premapped' flag in conjunction with indirect descriptors, meaning exploitation is unlikely under current conditions. No known exploits are reported in the wild, and no CVSS score has been assigned yet. This vulnerability affects specific Linux kernel versions identified by commit hashes, and it was published on May 1, 2024.
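The flag interaction described above can be reproduced in a small user-space model. This is an added example, not kernel code and not part of the original advisory: `vq_model`, `add_indirect`, `detach_buf` and `leaked_after` are hypothetical names, and the model assumes `do_unmap` equals `use_dma_api && !premapped` and that the core maps the indirect table whenever the DMA API is in use.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model, not kernel code. `mapped` counts outstanding DMA
 * mappings of indirect descriptor tables (stand-in for real DMA state). */
struct vq_model {
    bool use_dma_api;
    bool premapped;
    bool do_unmap;   /* assumed: use_dma_api && !premapped */
    int mapped;
};

/* Assumption: the core maps the indirect table it allocated whenever the
 * DMA API is in use, whether or not the driver premaps its own buffers. */
static void add_indirect(struct vq_model *vq)
{
    if (vq->use_dma_api)
        vq->mapped++;
}

/* fixed == false: original check (do_unmap); true: patched (use_dma_api). */
static void detach_buf(struct vq_model *vq, bool fixed)
{
    bool should_unmap = fixed ? vq->use_dma_api : vq->do_unmap;

    if (should_unmap && vq->mapped > 0)
        vq->mapped--;
}

/* Mappings still outstanding after n add/detach cycles. */
static int leaked_after(bool use_dma_api, bool premapped, bool fixed, int n)
{
    struct vq_model vq = { use_dma_api, premapped,
                           use_dma_api && !premapped, 0 };

    for (int i = 0; i < n; i++) {
        add_indirect(&vq);
        detach_buf(&vq, fixed);
    }
    return vq.mapped;
}

int main(void)
{
    printf("premapped, do_unmap check:    %d leaked\n", leaked_after(true, true, false, 1000));
    printf("premapped, use_dma_api check: %d leaked\n", leaked_after(true, true, true, 1000));
    printf("not premapped, do_unmap check: %d leaked\n", leaked_after(true, false, false, 1000));
    return 0;
}
```

Only the combination of `use_dma_api` and `premapped` with the original check leaves mappings outstanding, one per detached indirect buffer, which is why the leak grows with I/O volume rather than staying constant.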

Potential Impact

For European organizations, the impact of CVE-2024-27066 is currently limited due to the lack of drivers using the vulnerable configuration ('premapped' with indirect descriptors). However, if future drivers or custom kernel modules adopt this configuration, the unmap leak could lead to resource exhaustion in the kernel's virtio subsystem. This could degrade system performance or cause denial of service conditions in virtualized environments, particularly those heavily reliant on virtio for network or storage virtualization, such as cloud service providers, data centers, and enterprises using virtualization extensively. Confidentiality and integrity impacts are minimal since the vulnerability primarily causes resource leaks rather than direct code execution or privilege escalation. Availability could be affected if the leak leads to kernel memory exhaustion or instability. Given the Linux kernel's widespread use in European infrastructure, especially in cloud and telecom sectors, vigilance is warranted despite the low immediate risk.

Mitigation Recommendations

European organizations should ensure that their Linux kernel versions are updated to include the patch that corrects the unmap logic in the virtio packed descriptor handling. Specifically, kernel maintainers and system administrators should track and apply updates from trusted Linux distributions that incorporate this fix. Additionally, organizations should audit any custom or third-party kernel modules or drivers that might use the 'premapped' flag with indirect descriptors to assess exposure. Virtualization platform operators should monitor kernel logs for unusual resource leaks or virtio subsystem warnings. Employing kernel memory leak detection tools and performing regular system health checks can help identify potential exploitation or misconfigurations early. Finally, organizations should maintain robust patch management processes to quickly deploy kernel updates once they become available from their Linux distribution vendors.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-19T14:20:24.216Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe329a

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 3:09:45 PM

Last updated: 8/15/2025, 8:00:39 AM
