CVE-2024-27079

MEDIUM

Linux kernel - NULL Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is called. It leads to the following crash in the crash kernel: BUG: kernel NULL pointer dereference, address: 000000000000003c ... RIP: 0010:do_raw_spin_lock+0xa/0xa0 ... _raw_spin_lock_irqsave+0x1b/0x30 intel_iommu_release_device+0x96/0x170 iommu_deinit_device+0x39/0xf0 __iommu_group_remove_device+0xa0/0xd0 iommu_bus_notifier+0x55/0xb0 notifier_call_chain+0x5a/0xd0 blocking_notifier_call_chain+0x41/0x60 bus_notify+0x34/0x50 device_del+0x269/0x3d0 pci_remove_bus_device+0x77/0x100 p2sb_bar+0xae/0x1d0 ... i801_probe+0x423/0x740 Use the release_domain mechanism to fix it. The scalable mode context entry which is not part of release domain should be cleared in release_device().

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f

Patch

https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 15.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (8)

linux/Kernel 5.18.0 - 6.8.2linux

Linux/Linux < 5.18

Linux/Linux 5.18

Linux/Linux 586081d3f6b13ec9dfdfdf3d7842a688b376fa5e - 333fe86968482ca701c609af590003bcea450e8f

Linux/Linux 586081d3f6b13ec9dfdfdf3d7842a688b376fa5e - 81e921fd321614c2ad8ac333b041aae1da7a1c6d

Linux/Linux 6.8.2 - 6.8.*

Linux/Linux 6.9

linux/linux_kernel 5.18 - 6.8.2

Published May 01, 2024

Tracked Since Feb 18, 2026