CVE-2021-47140

2024-03-2500:00:00

ubuntu.com

vulnerability

linux kernel

resolved

amd iommu

dma ops

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf
(“iommu: Add support to change default domain of an iommu group”) a user
can switch a device between IOMMU and direct DMA through sysfs. This
doesn’t work for AMD IOMMU at the moment because dev->dma_ops is not
cleared when switching from a DMA to an identity IOMMU domain. The DMA
layer thus attempts to use the dma-iommu ops on an identity domain, causing
an oops: # echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/unbind #
echo identity > /sys/bus/pci/devices/0000:00:05.0/iommu_group/type # echo
0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/bind … BUG: kernel NULL
pointer dereference, address: 0000000000000028 … Call Trace:
iommu_dma_alloc e1000e_setup_tx_resources e1000e_open Since
iommu_change_dev_def_domain() calls probe_finalize() again, clear the
dma_ops there like Vt-d does.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN