CVE-2024-26787
Description
In the Linux kernel, the following vulnerability has been resolved:
mmc: mmci: stm32: fix DMA API overlapping mappings warning
Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning:
DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320
DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced.
If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's STM32 MMC driver, unbalanced DMA mappings during error handling cause a debug warning and potential resource leak.
Vulnerability
CVE-2024-26787 is a bug in the Linux kernel's mmci driver for STM32 variants, where DMA mapping and unmapping operations are not properly balanced during error handling. The issue is specifically in the sdmmc_idma_prep_data path; if an error occurs in the mmci_cmd_irq function, only mmci_dma_error is called without subsequently calling dma_unmap_sg. This leads to overlapping DMA mappings, triggering the warning "cacheline tracking EEXIST, overlapping mappings aren't supported" when CONFIG_DMA_API_DEBUG_SG is enabled [1].
Exploitation
The vulnerability can be triggered during normal MMC operations, such as card initialization or tuning, without requiring special privileges. An attacker with physical or logical access to the system could potentially cause the kernel to enter an error path in the MMC subsystem (e.g., by manipulating SD card responses). No authentication is required, but the attacker must be able to influence MMC transactions, which typically requires local access or control over a connected SD/eMMC device [1].
Impact
The primary impact is a kernel warning and potential memory corruption due to the DMA API detecting overlapping mappings. While the warning itself does not directly lead to code execution, if the function is called repeatedly, it could lead to resource exhaustion or undefined behavior in the DMA subsystem. The CVSS score of 5.5 (Medium) reflects the local denial-of-service aspect, as the system may become unstable or crash under certain conditions [1].
Mitigation
The fix is available in the Linux kernel stable tree [2][3][4]. Users are advised to update to a kernel version containing the commit that ensures dma_unmap_sg is called on error paths when using the STM32 DMA variant. The vulnerability affects all versions of the SIMATIC S7-1500 TM MFP - GNU/Linux subsystem, as listed in the Siemens advisory [1], and likely other systems using the affected kernel driver.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
46- osv-coords45 versionspkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_13&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5
< 5.14.21-150500.55.62.1+ 44 more
- (no CPE)range: < 5.14.21-150500.55.62.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2.150500.6.27.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150500.55.62.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150500.55.62.2.150500.6.27.2
- (no CPE)range: < 5.14.21-150500.55.62.2.150500.6.27.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 1-150500.11.5.1
- (no CPE)range: < 1-150500.11.3.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150500.55.62.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.55.62.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/0224cbc53ba82b84affa7619b6d1b1a254bc2c53nvdPatch
- git.kernel.org/stable/c/176e66269f0de327375fc0ea51c12c2f5a97e4c4nvdPatch
- git.kernel.org/stable/c/5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7cnvdPatch
- git.kernel.org/stable/c/6b1ba3f9040be5efc4396d86c9752cdc564730benvdPatch
- git.kernel.org/stable/c/70af82bb9c897faa25a44e4181f36c60312b71efnvdPatch
- git.kernel.org/stable/c/d610a307225951929b9dff807788439454476f85nvdPatch
- lists.debian.org/debian-lts-announce/2024/06/msg00017.htmlnvdMailing List
- cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvd
News mentions
0No linked articles in our index yet.