In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix WARN_ON in iommu probe path Commit 1a75cc710b95
(“iommu/vt-d: Use rbtree to track iommu probed devices”) adds all devices
probed by the iommu driver in a rbtree indexed by the source ID of each
device. It assumes that each device has a unique source ID. This assumption
is incorrect and the VT-d spec doesn’t state this requirement either. The
reason for using a rbtree to track devices is to look up the device with
PCI bus and devfunc in the paths of handling ATS invalidation time out
error and the PRI I/O page faults. Both are PCI ATS feature related. Only
track the devices that have PCI ATS capabilities in the rbtree to avoid
unnecessary WARN_ON in the iommu probe path. Otherwise, on some platforms
below kernel splat will be displayed and the iommu probe results in
failure. WARNING: CPU: 3 PID: 166 at drivers/iommu/intel/iommu.c:158
intel_iommu_probe_device+0x319/0xd90 Call Trace: <TASK> ? __warn+0x7e/0x180
? intel_iommu_probe_device+0x319/0xd90 ? report_bug+0x1f8/0x200 ?
handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x70 ?
asm_exc_invalid_op+0x1a/0x20 ? intel_iommu_probe_device+0x319/0xd90 ?
debug_mutex_init+0x37/0x50 __iommu_probe_device+0xf2/0x4f0
iommu_probe_device+0x22/0x70 iommu_bus_notifier+0x1e/0x40
notifier_call_chain+0x46/0x150 blocking_notifier_call_chain+0x42/0x60
bus_notify+0x2f/0x50 device_add+0x5ed/0x7e0 platform_device_add+0xf5/0x240
mfd_add_devices+0x3f9/0x500 ? preempt_count_add+0x4c/0xa0 ?
up_write+0xa2/0x1b0 ? __debugfs_create_file+0xe3/0x150
intel_lpss_probe+0x49f/0x5b0 ? pci_conf1_write+0xa3/0xf0
intel_lpss_pci_probe+0xcf/0x110 [intel_lpss_pci]
pci_device_probe+0x95/0x120 really_probe+0xd9/0x370 ?
__pfx___driver_attach+0x10/0x10 __driver_probe_device+0x73/0x150
driver_probe_device+0x19/0xa0 __driver_attach+0xb6/0x180 ?
__pfx___driver_attach+0x10/0x10 bus_for_each_dev+0x77/0xd0
bus_add_driver+0x114/0x210 driver_register+0x5b/0x110 ?
__pfx_intel_lpss_pci_driver_init+0x10/0x10 [intel_lpss_pci]
do_one_initcall+0x57/0x2b0 ? kmalloc_trace+0x21e/0x280 ?
do_init_module+0x1e/0x210 do_init_module+0x5f/0x210
load_module+0x1d37/0x1fc0 ? init_module_from_file+0x86/0xd0
init_module_from_file+0x86/0xd0 idempotent_init_module+0x17c/0x230
__x64_sys_finit_module+0x56/0xb0 do_syscall_64+0x6e/0x140
entry_SYSCALL_64_after_hwframe+0x71/0x79
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/89436f4f54125b1297aec1f466efd8acb4ec613d (6.9-rc4)
git.kernel.org/stable/c/89436f4f54125b1297aec1f466efd8acb4ec613d
git.kernel.org/stable/c/fba8ca3e6f608b92e54271fdbd3ce569361939fc
launchpad.net/bugs/cve/CVE-2024-35957
nvd.nist.gov/vuln/detail/CVE-2024-35957
security-tracker.debian.org/tracker/CVE-2024-35957
www.cve.org/CVERecord?id=CVE-2024-35957