CVE-2024-56719 is a vulnerability identified in the Linux kernel's network subsystem, specifically within the stmmac Ethernet driver responsible for handling the TSO (TCP Segmentation Offload) DMA API usage. The issue arises from improper handling of DMA mapping and unmapping operations in the stmmac_tso_xmit() function. A commit (66600fac7a98) changed the timing of when the tx_skbuff_dma[] structure members are assigned, causing a mismatch between the DMA cookie passed to dma_unmap_single() and the original value returned by dma_map_single(). This mismatch occurs particularly when the device's DMA addressing capability exceeds 32 bits (priv->dma_cap.addr64 > 32), due to an offset applied to the DMA cookie by proto_hdr_len. The consequence is that the driver attempts to unmap DMA memory that it did not allocate, leading to errors such as "Tx DMA map failed" and debug messages indicating attempts to free unallocated DMA memory. This can cause kernel oops or crashes, impacting network functionality and system stability. The fix involves preserving the original DMA cookie in the "des" variable and using a separate offset DMA cookie (tso_des) for allocation, ensuring correct pairing of map/unmap calls. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects multiple Linux kernel versions identified by specific commit hashes. Detailed technical discussion and crash reports are available in linked kernel mailing list archives.

For European organizations relying on Linux-based systems, especially those using embedded devices, servers, or network appliances with stmmac Ethernet controllers, this vulnerability could lead to network interface instability or kernel crashes. Such disruptions may cause denial of service conditions, impacting availability of critical services. In environments where high network throughput and reliability are essential—such as telecommunications, financial services, and industrial control systems—this could degrade operational continuity. Although exploitation does not appear to allow privilege escalation or data leakage directly, the instability and potential for repeated kernel faults could be leveraged by attackers to disrupt services or cause cascading failures. Organizations with large-scale Linux deployments or those using custom kernels incorporating affected commits are at higher risk. The lack of requirement for user interaction or authentication means that any network traffic triggering the flawed TSO DMA handling could provoke the issue, increasing exposure. However, the need for specific hardware and driver configurations limits the scope somewhat.

European organizations should prioritize updating their Linux kernels to versions containing the fix for CVE-2024-56719 as soon as patches are available from their Linux distribution vendors or upstream kernel sources. For embedded or custom Linux systems, recompiling the kernel with the corrected stmmac driver code is necessary. Network administrators should audit their hardware inventory to identify devices using stmmac Ethernet controllers with DMA capabilities exceeding 32 bits, as these are most susceptible. Enabling kernel debugging and DMA API debug features temporarily can help detect improper DMA unmap attempts during testing phases. Where immediate patching is not feasible, organizations can consider disabling TSO offloading on affected interfaces as a temporary workaround, though this may reduce network performance. Rigorous testing in staging environments is recommended before deploying updates to production, to ensure stability and compatibility. Monitoring kernel logs for DMA-related errors can provide early warning of exploitation attempts or instability. Coordination with hardware vendors and Linux distribution maintainers will facilitate timely patch deployment.