In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Disable auto-enable of exclusive INTx IRQ
Currently for devices requiring masking at the irqchip for INTx, ie. devices without DisINTx support, the IRQ is enabled in request_irq() and subsequently disabled as necessary to align with the masked status flag. This presents a window where the interrupt could fire between these events, resulting in the IRQ incrementing the disable depth twice. This would be unrecoverable for a user since the masked flag prevents nested enables through vfio.
Instead, invert the logic using IRQFNOAUTOEN such that exclusive INTx is never auto-enabled, then unmask as required.
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@26389925d6c2126fb777821a0a983adca7ee6351",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-3384e5d2",
"target": {
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"282349074088966364989254928724913869950",
"283551346756704050240597314954671509243",
"290475372309398361017463612132508536872",
"318109165612579987659268266706561054909",
"220385030580749144244936026690420200270",
"51216022883621148548833842796464378041",
"229047097518672256965502854902427655125",
"200883676100155749492308377127860206733",
"204774197771152149859011622496009243076",
"241439154145592809720002809765009662725",
"89815703632233245083026469638457482576"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe9a7082684eb059b925c535682e68c34d487d43",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-4ac8ab72",
"target": {
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"190577658674209628616407283902702969700",
"255744312684287612349600156457902549055",
"18620649556433543445139422899908985444",
"146067076383848088491739858333220950668",
"216389008557574477778058766215397949622",
"51216022883621148548833842796464378041",
"30710101623316240559620280958330037802",
"209588147247314823206484319355771199857",
"262538286170755638943872840380343513026",
"94953960993933618293320994887931642381",
"89815703632233245083026469638457482576"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3b3491ad0f80d913e7d255941d4470f4a4d9bfda",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-535e20eb",
"target": {
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"190577658674209628616407283902702969700",
"255744312684287612349600156457902549055",
"18620649556433543445139422899908985444",
"146067076383848088491739858333220950668",
"216389008557574477778058766215397949622",
"51216022883621148548833842796464378041",
"30710101623316240559620280958330037802",
"209588147247314823206484319355771199857",
"262538286170755638943872840380343513026",
"94953960993933618293320994887931642381",
"89815703632233245083026469638457482576"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe9a7082684eb059b925c535682e68c34d487d43",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-57aca521",
"target": {
"function": "vfio_intx_set_signal",
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Function",
"digest": {
"length": 1035.0,
"function_hash": "76486582623372198217761481748837261033"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@139dfcc4d723ab13469881200c7d80f49d776060",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-59a1f29e",
"target": {
"function": "vfio_intx_set_signal",
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Function",
"digest": {
"length": 1114.0,
"function_hash": "15788526481445958310613346385202447060"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@139dfcc4d723ab13469881200c7d80f49d776060",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-62afb2e2",
"target": {
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"282349074088966364989254928724913869950",
"283551346756704050240597314954671509243",
"290475372309398361017463612132508536872",
"318109165612579987659268266706561054909",
"220385030580749144244936026690420200270",
"51216022883621148548833842796464378041",
"229047097518672256965502854902427655125",
"200883676100155749492308377127860206733",
"204774197771152149859011622496009243076",
"241439154145592809720002809765009662725",
"89815703632233245083026469638457482576"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bf0bc84a20e6109ab07d5dc072067bd01eb931ec",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-6c4f1cb7",
"target": {
"function": "vfio_intx_set_signal",
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Function",
"digest": {
"length": 1035.0,
"function_hash": "76486582623372198217761481748837261033"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a4a666c45107206605b7b5bc20545f8aabc4fa2",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-70798a89",
"target": {
"function": "vfio_intx_set_signal",
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Function",
"digest": {
"length": 1035.0,
"function_hash": "76486582623372198217761481748837261033"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@26389925d6c2126fb777821a0a983adca7ee6351",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-878dbc4b",
"target": {
"function": "vfio_intx_set_signal",
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Function",
"digest": {
"length": 1106.0,
"function_hash": "31191863603254988915392773502699266371"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3b3491ad0f80d913e7d255941d4470f4a4d9bfda",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-97c76a74",
"target": {
"function": "vfio_intx_set_signal",
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Function",
"digest": {
"length": 1035.0,
"function_hash": "76486582623372198217761481748837261033"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7a2f0955ffceffadfe098b40b50307431f45438",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-9c334c4c",
"target": {
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"282349074088966364989254928724913869950",
"283551346756704050240597314954671509243",
"290475372309398361017463612132508536872",
"318109165612579987659268266706561054909",
"220385030580749144244936026690420200270",
"51216022883621148548833842796464378041",
"229047097518672256965502854902427655125",
"200883676100155749492308377127860206733",
"204774197771152149859011622496009243076",
"241439154145592809720002809765009662725",
"89815703632233245083026469638457482576"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7a2f0955ffceffadfe098b40b50307431f45438",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-b74c63af",
"target": {
"function": "vfio_intx_set_signal",
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Function",
"digest": {
"length": 1106.0,
"function_hash": "31191863603254988915392773502699266371"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a4a666c45107206605b7b5bc20545f8aabc4fa2",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-e43588fb",
"target": {
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"190577658674209628616407283902702969700",
"255744312684287612349600156457902549055",
"18620649556433543445139422899908985444",
"146067076383848088491739858333220950668",
"216389008557574477778058766215397949622",
"51216022883621148548833842796464378041",
"30710101623316240559620280958330037802",
"209588147247314823206484319355771199857",
"262538286170755638943872840380343513026",
"94953960993933618293320994887931642381",
"89815703632233245083026469638457482576"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bf0bc84a20e6109ab07d5dc072067bd01eb931ec",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-27437-f98d10ec",
"target": {
"file": "drivers/vfio/pci/vfio_pci_intrs.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"190577658674209628616407283902702969700",
"255744312684287612349600156457902549055",
"18620649556433543445139422899908985444",
"146067076383848088491739858333220950668",
"216389008557574477778058766215397949622",
"51216022883621148548833842796464378041",
"30710101623316240559620280958330037802",
"209588147247314823206484319355771199857",
"262538286170755638943872840380343513026",
"94953960993933618293320994887931642381",
"89815703632233245083026469638457482576"
]
}
}
]