CVE-2024-26810

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26810

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26810.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-26810

Downstream

BELL-CVE-2024-26810

DEBIAN-CVE-2024-26810

DLA-3842-1

DSA-5658-1

DSA-5681-1

OESA-2024-1520

OESA-2024-1524

OESA-2024-1526

OESA-2024-1535

OESA-2024-1536

OESA-2024-1541

RHSA-2024:4823

RHSA-2024:4831

RHSA-2024:5065

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024:5928

RHSA-2024:6206

SUSE-SU-2025:0499-1

SUSE-SU-2025:0784-1

SUSE-SU-2025:0834-1

SUSE-SU-2025:0847-1

SUSE-SU-2025:0856-1

SUSE-SU-2025:0955-1

Related

Published

2024-04-05T09:15:09Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: Lock external INTx masking ops

Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core interrupt code.

In particular, irqtype is updated holding igate, therefore testing isintx() requires holding igate. For example clearing DisINTx from config space can otherwise race changes of the interrupt configuration.

This aligns interfaces which may trigger the INTx eventfd into two camps, one side serialized by igate and the other only enabled while INTx is configured. A subsequent patch introduces synchronization for the latter flows.

References

Affected packages