CVE-2024-53127: Linux Kernel Vulnerability Resolved with Revert of "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"

A recent vulnerability in the Linux kernel has been resolved by reverting a previous change that aimed to fix IDMAC operation with pages bigger than 4K.

The initial commit (8396c793ffdf) made changes to the max_req_size, which ended up causing various issues across different hardware platforms:

"swiotlb buffer is full" error and data corruption on StarFive JH711 devices

Given that a proper fix could not be found, it was decided to simply revert this change. The commit has now been reverted in order to resolve these issues:

git revert 8396c793ffdf28bb8aee7cfe089108f8cab789

Exploit Details

While the revert has addressed these problems, it's important to understand the root cause of the vulnerability and any potential future implications.

The original commit aimed to handle cases where memory pages were larger than the standard 4K size used in the Linux kernel. This change inadvertently broke functionality on certain platforms that rely on dw_mmc (DesignWare MultiMediaCard), causing kernel panics and other errors.

If you were affected by this issue, apply the latest patches to your Linux kernel. As always, it's good practice to keep your system up-to-date to minimize exposure to vulnerabilities.

Original References

1. Commit that introduced the vulnerability: [8396c793ffdf]("https://github.com/torvalds/linux/commit/8396c793ffdf28bb8aee7cfe089108f8cab789")
2. Revert commit resolving the vulnerability: [Reverts 8396c793ffdf]("https://github.com/torvalds/linux/commit/")

In conclusion, the Linux kernel vulnerability (CVE-2024-53127) has been resolved by reverting a previous commit that caused issues to dw_mmc operation with pages larger than 4K. Keeping your system updated and applying the latest patches can help protect against this kind of vulnerability.

Timeline

Published on: 12/04/2024 15:15:12 UTC
Last modified on: 12/19/2024 09:39:52 UTC