6 matches found
CVE-2023-54034
The CVE-2023-54034 issue affects the Linux kernel iommufd path where vfio_iommu_type1_info is copied to user space. The root cause is a missing zero initialization: most of the struct is copied with copy_from_user(), but minsz is smaller than the struct by 8 bytes, leaving the padding uninitializ...
CVE-2025-40293
In the Linux kernel, the following vulnerability has been resolved: iommufd: Don't overflow during division for dirty tracking If pgshift is 63 then BITS_PER_TYPE(*bitmap->bitmap) * pgsize will overflow to 0 and this triggers divide by 0. In this case the index should just be 0, so reorganize things to...
SUSE CVE-2023-53630
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix unpinning of pages when an access is present syzkaller found that the calculation of batch_last_index should use 'start_index' since at input to this function the batch is either empty or it has already been adjusted to...
CVE-2025-38625
In the Linux kernel, the following vulnerability has been resolved: vfio/pds: Fix missing detach_ioas op When CONFIG_IOMMUFD is enabled and a device is bound to the pds_vfio_pci driver, the following WARN_ON trace is seen and probe fails: WARNING: CPU: 0 PID: 5040 at drivers/vfio/vfio_main.c:317...
CVE-2024-56624
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix out_fput in iommufd_fault_alloc() As fput() calls the file->f_op->release op, where fault obj and ictx are getting released, there is no need to release these two after fput() one more time, which would result in imbalanced...
CVE-2024-56624 iommufd: Fix out_fput in iommufd_fault_alloc()
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix out_fput in iommufd_fault_alloc() As fput() calls the file->f_op->release op, where fault obj and ictx are getting released, there is no need to release these two after fput() one more time, which would result in imbalanced...