CVE-2024-50101

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices. This could lead to kernel hangs or other unexpected behavior. Add a check to only call pci_for_each_dma_alias() for PCI devices. For non-PCI devices, domain_context_clear_one() is called directly.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/04d6826ba7ba81213422276e96c90c6565169e1c	Patch
https://git.kernel.org/stable/c/0bd9a30c22afb5da203386b811ec31429d2caa78	Patch
https://git.kernel.org/stable/c/6e02a277f1db24fa039e23783c8921c7b0e5b1b3	Patch
https://git.kernel.org/stable/c/cbfa3a83eba05240ce37839ed48280a05e8e8f6c	Patch
https://git.kernel.org/stable/c/fe2e0b6cd00abea3efac66de1da22d844364c1b0	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::

History

12 Nov 2024, 14:59

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-noinfo
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/04d6826ba7ba81213422276e96c90c6565169e1c -~~	() https://git.kernel.org/stable/c/04d6826ba7ba81213422276e96c90c6565169e1c - Patch
References	~~() https://git.kernel.org/stable/c/0bd9a30c22afb5da203386b811ec31429d2caa78 -~~	() https://git.kernel.org/stable/c/0bd9a30c22afb5da203386b811ec31429d2caa78 - Patch
References	~~() https://git.kernel.org/stable/c/6e02a277f1db24fa039e23783c8921c7b0e5b1b3 -~~	() https://git.kernel.org/stable/c/6e02a277f1db24fa039e23783c8921c7b0e5b1b3 - Patch
References	~~() https://git.kernel.org/stable/c/cbfa3a83eba05240ce37839ed48280a05e8e8f6c -~~	() https://git.kernel.org/stable/c/cbfa3a83eba05240ce37839ed48280a05e8e8f6c - Patch
References	~~() https://git.kernel.org/stable/c/fe2e0b6cd00abea3efac66de1da22d844364c1b0 -~~	() https://git.kernel.org/stable/c/fe2e0b6cd00abea3efac66de1da22d844364c1b0 - Patch

06 Nov 2024, 18:17

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: Se corrige pci_for_each_dma_alias() incorrecto para dispositivos que no sean PCI Anteriormente, la función domain_context_clear() llamaba incorrectamente a pci_for_each_dma_alias() para configurar entradas de contexto para dispositivos que no sean PCI. Esto podría provocar bloqueos del kernel u otro comportamiento inesperado. Agregue una verificación para llamar solo a pci_for_each_dma_alias() para dispositivos PCI. Para dispositivos que no sean PCI, se llama a domain_context_clear_one() directamente.

05 Nov 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-05 18:15

Updated : 2024-11-12 14:59

NVD link : CVE-2024-50101

Mitre link : CVE-2024-50101

CVE.ORG link : CVE-2024-50101

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10