CVE-2024-36926

CVE Details

Release Date: 2024-05-30

Description


In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE

At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is attached to.

There are exceptions where the partition firmware might not provide this property for the PE at the time of LPAR boot up. One of the scenarios is where the firmware has frozen the PE due to some error condition. This PE is frozen for 24 hours or unless the whole system is reinitialized.

Within this time frame, if the LPAR is booted, the frozen PE will be presented to the LPAR but ibm,dma-window property could be missing.

Today, under these circumstances, the LPAR oopses with NULL pointer dereference, when configuring the PCI bus the PE is attached to.

    BUG: Kernel NULL pointer dereference on read at 0x000000c8
    Faulting instruction address: 0xc0000000001024c0
    Oops: Kernel access of bad area, sig: 7 [#1]
    LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
    Modules linked in:
    Supported: Yes
    CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.4.0-150600.9-default #1
    Hardware name: IBM,9043-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_023) hv:phyp pSeries
    NIP: c0000000001024c0 LR: c0000000001024b0 CTR: c000000000102450
    REGS: c0000000037db5c0 TRAP: 0300 Not tainted (6.4.0-150600.9-default)
    MSR: 8000000002009033 CR: 28000822 XER: 00000000
    CFAR: c00000000010254c DAR: 00000000000000c8 DSISR: 00080000 IRQMASK: 0
    ...
    NIP [c0000000001024c0] pci_dma_bus_setup_pSeriesLP+0x70/0x2a0
    LR [c0000000001024b0] pci_dma_bus_setup_pSeriesLP+0x60/0x2a0
    Call Trace:
    pci_dma_bus_setup_pSeriesLP+0x60/0x2a0 (unreliable)
    pcibios_setup_bus_self+0x1c0/0x370
    __of_scan_bus+0x2f8/0x330
    pcibios_scan_phb+0x280/0x3d0
    pcibios_init+0x88/0x12c
    do_one_initcall+0x60/0x320
    kernel_init_freeable+0x344/0x3e4
    kernel_init+0x34/0x1d0
    ret_from_kernel_user_thread+0x14/0x1c

See more information about CVE-2024-36926 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 4.4
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Errata information


Platform                          Errata            Release Date
Oracle Linux version 9 (kernel)   ELSA-2024-9315    2024-11-14


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
