CVE-2024-27079

MEDIUM

Linux kernel - NULL Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is called. It leads to the following crash in the crash kernel: BUG: kernel NULL pointer dereference, address: 000000000000003c ... RIP: 0010:do_raw_spin_lock+0xa/0xa0 ... _raw_spin_lock_irqsave+0x1b/0x30 intel_iommu_release_device+0x96/0x170 iommu_deinit_device+0x39/0xf0 __iommu_group_remove_device+0xa0/0xd0 iommu_bus_notifier+0x55/0xb0 notifier_call_chain+0x5a/0xd0 blocking_notifier_call_chain+0x41/0x60 bus_notify+0x34/0x50 device_del+0x269/0x3d0 pci_remove_bus_device+0x77/0x100 p2sb_bar+0xae/0x1d0 ... i801_probe+0x423/0x740 Use the release_domain mechanism to fix it. The scalable mode context entry which is not part of release domain should be cleared in release_device().

References (2)

[Patch] https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f

[Patch] https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (2)

linux/linux_kernel < 6.8.2

linux/Kernel < 6.8.2linux

Timeline

Published May 01, 2024

Tracked Since Feb 18, 2026