CVE-2024-27079
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-27079
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27079.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-27079
- Downstream
- Related
- Published
- 2024-05-01T13:04:58Z
- Modified
- 2025-10-21T20:11:59.564782Z
- Summary
- iommu/vt-d: Fix NULL domain on device release
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix NULL domain on device release
In the kdump kernel, the IOMMU operates in deferredattach mode. In this mode, info->domain may not yet be assigned by the time the releasedevice function is called. It leads to the following crash in the crash kernel:
BUG: kernel NULL pointer dereference, address: 000000000000003c ... RIP: 0010:do_raw_spin_lock+0xa/0xa0 ... _raw_spin_lock_irqsave+0x1b/0x30 intel_iommu_release_device+0x96/0x170 iommu_deinit_device+0x39/0xf0 __iommu_group_remove_device+0xa0/0xd0 iommu_bus_notifier+0x55/0xb0 notifier_call_chain+0x5a/0xd0 blocking_notifier_call_chain+0x41/0x60 bus_notify+0x34/0x50 device_del+0x269/0x3d0 pci_remove_bus_device+0x77/0x100 p2sb_bar+0xae/0x1d0 ... i801_probe+0x423/0x740Use the releasedomain mechanism to fix it. The scalable mode context entry which is not part of release domain should be cleared in releasedevice().
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced586081d3f6b13ec9dfdfdf3d7842a688b376fa5eFixed333fe86968482ca701c609af590003bcea450e8f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced586081d3f6b13ec9dfdfdf3d7842a688b376fa5eFixed81e921fd321614c2ad8ac333b041aae1da7a1c6d
Affected versions
v5.*
v5.17
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81e921fd321614c2ad8ac333b041aae1da7a1c6d",
"id": "CVE-2024-27079-3ef2664d",
"signature_version": "v1",
"target": {
"file": "drivers/iommu/intel/pasid.h"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109905745650503005011437352740630819585",
"115378521003175910169804421869492732167"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81e921fd321614c2ad8ac333b041aae1da7a1c6d",
"id": "CVE-2024-27079-5d02f08c",
"signature_version": "v1",
"target": {
"function": "dmar_remove_one_dev_info",
"file": "drivers/iommu/intel/iommu.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "166921351483125215780213110906486416744",
"length": 486.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81e921fd321614c2ad8ac333b041aae1da7a1c6d",
"id": "CVE-2024-27079-d97a075e",
"signature_version": "v1",
"target": {
"file": "drivers/iommu/intel/iommu.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"258003924375447936104902840834628711056",
"316019868164136737682661457215958951111",
"31031858597502853687492394208285169936",
"298397555902274242835422422658078069997",
"303406196764576901343676045388230237769",
"336777163534233046133118580042036375795",
"175129542147005498756293707100267881806",
"45777267234028833096718557887973884144",
"278790272031912691774303260081257593512",
"336292218607981001553830798500532047899",
"57574207511183615643788157338063817125",
"71011495246995741345937812684242360414",
"240461547232713002542399857163917960169",
"217328116450449464707848869900931572709",
"79335723020912106534298262935109171908",
"319027715667028307493889489403545088366",
"191108563059758201249184246122026130954",
"26534449862448171815858275604312696095",
"208279165468958133672197427800438872646",
"3773282542206790530965534116566049970",
"215672110207196291016399026684744457337",
"332147859228900999763240136520784672840",
"188542213316043000222675281213146753450",
"248450954230928106844887126282580856381",
"240167386542172690884346425556421756348",
"135241122126681326415348032184166138720",
"334737824855577396771418341593200537156",
"309251195208103262669346679484201882517",
"96614214235897478928897235544925641882",
"111727034308363532424601253076700907267"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81e921fd321614c2ad8ac333b041aae1da7a1c6d",
"id": "CVE-2024-27079-ed5b251e",
"signature_version": "v1",
"target": {
"function": "intel_iommu_release_device",
"file": "drivers/iommu/intel/iommu.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "168368724165870038591144822325250205861",
"length": 300.0
}
}
]