CVE-2024-26786
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26786
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26786.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-26786
- Related
- Published
- 2024-04-04T09:15:08Z
- Modified
- 2024-11-04T18:45:30.197979Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Fix ioptaccesslist_id overwrite bug
Syzkaller reported the following WARNON: WARNING: CPU: 1 PID: 4738 at drivers/iommu/iommufd/iopagetable.c:1360
Call Trace: iommufdaccesschangeioas+0x2fe/0x4e0 iommufdaccessdestroyobject+0x50/0xb0 iommufdobjectremove+0x2a3/0x490 iommufdobjectdestroyuser iommufdaccessdestroy+0x71/0xb0 iommufdteststaccessrelease+0x89/0xd0 _fput+0x272/0xb50 _fputsync+0x4b/0x60 _dosysclose _sesysclose _x64sysclose+0x8b/0x110 dosyscallx64
The mismatch between the access pointer in the list and the passed-in pointer is resulting from an overwrite of access->ioptaccesslistid, in ioptaddaccess(). Called from iommufdaccesschangeioas() when xaalloc() succeeds but ioptcalculateiovaalignment() fails.
Add a newid in ioptaddaccess() and only update ioptaccesslistid when returning successfully.
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.7.9-1