CVE-2024-26814

MEDIUM

Linux Kernel < 6.1.84 - NULL Pointer Dereference

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself is guaranteed that trigger is always valid between request_irq() and free_irq(), but the loopback testing mechanisms to invoke the handler function need to test the trigger. The triggering and setting ioctl paths both make use of igate and are therefore mutually exclusive. The vfio-fsl-mc driver does not make use of irqfds, nor does it support any sort of masking operations, therefore unlike vfio-pci and vfio-platform, the flow can remain essentially unchanged.

References (8)

[Patch] https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417

[Patch] https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d

[Patch] https://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9

[Patch] https://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012

[Patch] https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede

[Patch] https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d

[Patch] https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 5.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (8)

linux/linux_kernel < 6.1.84

debian/debian_linux

linux/Kernel < 5.10.215linux

linux/Kernel < 5.15.154linux

linux/Kernel < 6.1.84linux

linux/Kernel < 6.6.24linux

linux/Kernel < 6.7.12linux

linux/Kernel < 6.8.3linux

Timeline

Published Apr 05, 2024

Tracked Since Feb 18, 2026