Release Date: | 2024-04-04 |
In the Linux kernel, the following vulnerability has been resolved:

iommufd: Fix protection fault in iommufd_test_syz_conv_iova

Syzkaller reported the following bug:

general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7]
Call Trace:
lock_acquire
lock_acquire+0x1ce/0x4f0
down_read+0x93/0x4a0
iommufd_test_syz_conv_iova+0x56/0x1f0
iommufd_test_access_rw.isra.0+0x2ec/0x390
iommufd_test+0x1058/0x1e30
iommufd_fops_ioctl+0x381/0x510
vfs_ioctl
__do_sys_ioctl
__se_sys_ioctl
__x64_sys_ioctl+0x170/0x1e0
do_syscall_x64
do_syscall_64+0x71/0x140

This is because the new iommufd_access_change_ioas() sets access->ioas to NULL during its process, so the lock might be gone in a concurrent racing context.

Fix this by doing the same access->ioas sanity as iommufd_access_rw() and iommufd_access_pin_pages() functions do.
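A userspace model of the pointer check the description refers to, added here as an illustration and not the kernel's own code. The struct names, `set_ioas`, both `conv_iova_*` functions, the `base` field and the `-ENOENT` return value are assumptions made for this sketch; pthread mutexes stand in for the kernel locks.

```c
#include <errno.h>
#include <pthread.h>
#include <stddef.h>

/* Userspace model only: every name here is a hypothetical stand-in. */
struct ioas_model {
    pthread_mutex_t iova_lock;  /* lock that lives inside the IOAS object */
    unsigned long base;         /* constructed translation base */
};
struct access_model {
    pthread_mutex_t ioas_lock;  /* guards the ioas pointer */
    struct ioas_model *ioas;    /* NULL while a change is in progress */
};

/* Change path: callers pass NULL to detach, then a new object to attach. */
void set_ioas(struct access_model *a, struct ioas_model *n)
{
    pthread_mutex_lock(&a->ioas_lock);
    a->ioas = n;
    pthread_mutex_unlock(&a->ioas_lock);
}

/* Unchecked shape: reaches the inner lock through a possibly NULL pointer. */
int conv_iova_unchecked(struct access_model *a, unsigned long iova, unsigned long *out)
{
    pthread_mutex_lock(&a->ioas->iova_lock);  /* faults if a->ioas == NULL */
    *out = a->ioas->base + iova;
    pthread_mutex_unlock(&a->ioas->iova_lock);
    return 0;
}

/* Checked shape: validate the pointer under its guard lock, fail cleanly. */
int conv_iova_checked(struct access_model *a, unsigned long iova, unsigned long *out)
{
    int rc = -ENOENT;                         /* assumed error code */
    pthread_mutex_lock(&a->ioas_lock);
    if (a->ioas) {
        pthread_mutex_lock(&a->ioas->iova_lock);
        *out = a->ioas->base + iova;
        pthread_mutex_unlock(&a->ioas->iova_lock);
        rc = 0;
    }
    pthread_mutex_unlock(&a->ioas_lock);
    return rc;
}

int main(void)
{
    struct access_model a = { PTHREAD_MUTEX_INITIALIZER, NULL }; /* mid-change */
    unsigned long out = 0;
    return conv_iova_checked(&a, 0x10, &out) == -ENOENT ? 0 : 1;
}
```

Holding the guard lock across the whole conversion keeps the pointer from being cleared between the check and the use of the inner lock.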
See more information about CVE-2024-26785 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local network | Attack Complexity: | Low |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: