FKIE_CVE-2024-40945

Vulnerability from fkie_nvd - Published: 2024-07-12 13:15 - Updated: 2025-11-03 20:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA. In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will return an error, and the device drivers won't call iommu_sva_bind_device() at all.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91ePatch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.10
linux linux_kernel 6.10
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A16AF13-82B4-4031-88E2-F3A1AE0863D5",
              "versionEndExcluding": "5.4.279",
              "versionStartIncluding": "5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0",
              "versionEndExcluding": "5.10.221",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5",
              "versionEndExcluding": "5.15.162",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC897C60-C0EC-4C8F-AD1A-CD0916F408C4",
              "versionEndExcluding": "6.6.35",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975",
              "versionEndExcluding": "6.9.6",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn\u0027t cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won\u0027t call iommu_sva_bind_device()\nat all."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu: Devuelve el valor correcto en iommu_sva_bind_device() iommu_sva_bind_device() deber\u00eda devolver un identificador de enlace sva o un valor ERR_PTR en casos de error. Los controladores existentes (idxd y uacce) solo verifican el valor de retorno con IS_ERR(). Esto podr\u00eda provocar un problema de desreferencia del puntero NULL del kernel si la funci\u00f3n devuelve NULL en lugar de un puntero de error. En realidad, esto no causa ning\u00fan problema porque iommu_sva_bind_device() solo devuelve NULL cuando el kernel no est\u00e1 configurado con CONFIG_IOMMU_SVA. En este caso, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) devolver\u00e1 un error y los controladores del dispositivo no llamar\u00e1n a iommu_sva_bind_device() en absoluto."
    }
  ],
  "id": "CVE-2024-40945",
  "lastModified": "2025-11-03T20:16:27.100",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-12T13:15:16.853",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.