CVE-2024-27079

In the kdump kernel, the IOMMU operates in deferredattach mode. In this mode, info->domain may not yet be assigned by the time the releasedevice function is called. It leads to the following crash in the crash kernel:

BUG: kernel NULL pointer dereference, address: 000000000000003c
...
RIP: 0010:do_raw_spin_lock+0xa/0xa0
...
_raw_spin_lock_irqsave+0x1b/0x30
intel_iommu_release_device+0x96/0x170
iommu_deinit_device+0x39/0xf0
__iommu_group_remove_device+0xa0/0xd0
iommu_bus_notifier+0x55/0xb0
notifier_call_chain+0x5a/0xd0
blocking_notifier_call_chain+0x41/0x60
bus_notify+0x34/0x50
device_del+0x269/0x3d0
pci_remove_bus_device+0x77/0x100
p2sb_bar+0xae/0x1d0
...
i801_probe+0x423/0x740

Use the releasedomain mechanism to fix it. The scalable mode context entry which is not part of release domain should be cleared in releasedevice().

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

586081d3f6b13ec9dfdfdf3d7842a688b376fa5e

Fixed

333fe86968482ca701c609af590003bcea450e8f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

586081d3f6b13ec9dfdfdf3d7842a688b376fa5e

Fixed

81e921fd321614c2ad8ac333b041aae1da7a1c6d

Affected versions

v5.*

v5.17

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.8.1

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "109905745650503005011437352740630819585",
                    "115378521003175910169804421869492732167"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/iommu/intel/pasid.h"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@333fe86968482ca701c609af590003bcea450e8f",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-27079-24ec5d5a"
        },
        {
            "digest": {
                "length": 300.0,
                "function_hash": "168368724165870038591144822325250205861"
            },
            "target": {
                "function": "intel_iommu_release_device",
                "file": "drivers/iommu/intel/iommu.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@333fe86968482ca701c609af590003bcea450e8f",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-27079-39a913d5"
        },
        {
            "digest": {
                "line_hashes": [
                    "109905745650503005011437352740630819585",
                    "115378521003175910169804421869492732167"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/iommu/intel/pasid.h"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81e921fd321614c2ad8ac333b041aae1da7a1c6d",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-27079-3ef2664d"
        },
        {
            "digest": {
                "length": 486.0,
                "function_hash": "166921351483125215780213110906486416744"
            },
            "target": {
                "function": "dmar_remove_one_dev_info",
                "file": "drivers/iommu/intel/iommu.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@333fe86968482ca701c609af590003bcea450e8f",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-27079-40fc3039"
        },
        {
            "digest": {
                "length": 486.0,
                "function_hash": "166921351483125215780213110906486416744"
            },
            "target": {
                "function": "dmar_remove_one_dev_info",
                "file": "drivers/iommu/intel/iommu.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81e921fd321614c2ad8ac333b041aae1da7a1c6d",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-27079-5d02f08c"
        },
        {
            "digest": {
                "line_hashes": [
                    "258003924375447936104902840834628711056",
                    "316019868164136737682661457215958951111",
                    "31031858597502853687492394208285169936",
                    "298397555902274242835422422658078069997",
                    "303406196764576901343676045388230237769",
                    "336777163534233046133118580042036375795",
                    "175129542147005498756293707100267881806",
                    "45777267234028833096718557887973884144",
                    "278790272031912691774303260081257593512",
                    "336292218607981001553830798500532047899",
                    "57574207511183615643788157338063817125",
                    "71011495246995741345937812684242360414",
                    "240461547232713002542399857163917960169",
                    "217328116450449464707848869900931572709",
                    "79335723020912106534298262935109171908",
                    "319027715667028307493889489403545088366",
                    "191108563059758201249184246122026130954",
                    "26534449862448171815858275604312696095",
                    "208279165468958133672197427800438872646",
                    "3773282542206790530965534116566049970",
                    "215672110207196291016399026684744457337",
                    "332147859228900999763240136520784672840",
                    "188542213316043000222675281213146753450",
                    "248450954230928106844887126282580856381",
                    "240167386542172690884346425556421756348",
                    "135241122126681326415348032184166138720",
                    "334737824855577396771418341593200537156",
                    "309251195208103262669346679484201882517",
                    "96614214235897478928897235544925641882",
                    "111727034308363532424601253076700907267"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/iommu/intel/iommu.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@333fe86968482ca701c609af590003bcea450e8f",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-27079-74a2aa3b"
        },
        {
            "digest": {
                "line_hashes": [
                    "258003924375447936104902840834628711056",
                    "316019868164136737682661457215958951111",
                    "31031858597502853687492394208285169936",
                    "298397555902274242835422422658078069997",
                    "303406196764576901343676045388230237769",
                    "336777163534233046133118580042036375795",
                    "175129542147005498756293707100267881806",
                    "45777267234028833096718557887973884144",
                    "278790272031912691774303260081257593512",
                    "336292218607981001553830798500532047899",
                    "57574207511183615643788157338063817125",
                    "71011495246995741345937812684242360414",
                    "240461547232713002542399857163917960169",
                    "217328116450449464707848869900931572709",
                    "79335723020912106534298262935109171908",
                    "319027715667028307493889489403545088366",
                    "191108563059758201249184246122026130954",
                    "26534449862448171815858275604312696095",
                    "208279165468958133672197427800438872646",
                    "3773282542206790530965534116566049970",
                    "215672110207196291016399026684744457337",
                    "332147859228900999763240136520784672840",
                    "188542213316043000222675281213146753450",
                    "248450954230928106844887126282580856381",
                    "240167386542172690884346425556421756348",
                    "135241122126681326415348032184166138720",
                    "334737824855577396771418341593200537156",
                    "309251195208103262669346679484201882517",
                    "96614214235897478928897235544925641882",
                    "111727034308363532424601253076700907267"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/iommu/intel/iommu.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81e921fd321614c2ad8ac333b041aae1da7a1c6d",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-27079-d97a075e"
        },
        {
            "digest": {
                "length": 300.0,
                "function_hash": "168368724165870038591144822325250205861"
            },
            "target": {
                "function": "intel_iommu_release_device",
                "file": "drivers/iommu/intel/iommu.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81e921fd321614c2ad8ac333b041aae1da7a1c6d",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-27079-ed5b251e"
        }
    ]
}

CVE-2024-27079

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Affected versions

v5.*

v6.*

Database specific

Linux / Kernel

Package

Affected ranges