Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-35957— iommu/vt-d: Fix WARN_ON in iommu probe path

EPSS 0.02% · P4
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-35957

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
iommu/vt-d: Fix WARN_ON in iommu probe path
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix WARN_ON in iommu probe path Commit 1a75cc710b95 ("iommu/vt-d: Use rbtree to track iommu probed devices") adds all devices probed by the iommu driver in a rbtree indexed by the source ID of each device. It assumes that each device has a unique source ID. This assumption is incorrect and the VT-d spec doesn't state this requirement either. The reason for using a rbtree to track devices is to look up the device with PCI bus and devfunc in the paths of handling ATS invalidation time out error and the PRI I/O page faults. Both are PCI ATS feature related. Only track the devices that have PCI ATS capabilities in the rbtree to avoid unnecessary WARN_ON in the iommu probe path. Otherwise, on some platforms below kernel splat will be displayed and the iommu probe results in failure. WARNING: CPU: 3 PID: 166 at drivers/iommu/intel/iommu.c:158 intel_iommu_probe_device+0x319/0xd90 Call Trace: <TASK> ? __warn+0x7e/0x180 ? intel_iommu_probe_device+0x319/0xd90 ? report_bug+0x1f8/0x200 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? intel_iommu_probe_device+0x319/0xd90 ? debug_mutex_init+0x37/0x50 __iommu_probe_device+0xf2/0x4f0 iommu_probe_device+0x22/0x70 iommu_bus_notifier+0x1e/0x40 notifier_call_chain+0x46/0x150 blocking_notifier_call_chain+0x42/0x60 bus_notify+0x2f/0x50 device_add+0x5ed/0x7e0 platform_device_add+0xf5/0x240 mfd_add_devices+0x3f9/0x500 ? preempt_count_add+0x4c/0xa0 ? up_write+0xa2/0x1b0 ? __debugfs_create_file+0xe3/0x150 intel_lpss_probe+0x49f/0x5b0 ? pci_conf1_write+0xa3/0xf0 intel_lpss_pci_probe+0xcf/0x110 [intel_lpss_pci] pci_device_probe+0x95/0x120 really_probe+0xd9/0x370 ? __pfx___driver_attach+0x10/0x10 __driver_probe_device+0x73/0x150 driver_probe_device+0x19/0xa0 __driver_attach+0xb6/0x180 ? __pfx___driver_attach+0x10/0x10 bus_for_each_dev+0x77/0xd0 bus_add_driver+0x114/0x210 driver_register+0x5b/0x110 ? __pfx_intel_lpss_pci_driver_init+0x10/0x10 [intel_lpss_pci] do_one_initcall+0x57/0x2b0 ? kmalloc_trace+0x21e/0x280 ? do_init_module+0x1e/0x210 do_init_module+0x5f/0x210 load_module+0x1d37/0x1fc0 ? init_module_from_file+0x86/0xd0 init_module_from_file+0x86/0xd0 idempotent_init_module+0x17c/0x230 __x64_sys_finit_module+0x56/0xb0 do_syscall_64+0x6e/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于存在错误路径。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux c618d446f1d64bdc9e426bab5e8619f224cde2ae ~ fba8ca3e6f608b92e54271fdbd3ce569361939fc -
LinuxLinux 6.8.2 ~ 6.8.7 -

II. Public POCs for CVE-2024-35957

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-35957

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-05-20 · 62 CVEs total

CVE-2024-35969ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
CVE-2024-35954scsi: sg: Avoid sg device teardown race
CVE-2024-35951drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()
CVE-2024-35952drm/ast: Fix soft lockup
CVE-2024-35953accel/ivpu: Fix deadlock in context_xa
CVE-2024-35964Bluetooth: ISO: Fix not validating setsockopt user input
CVE-2024-35965Bluetooth: L2CAP: Fix not validating setsockopt user input
CVE-2024-35966Bluetooth: RFCOMM: Fix not validating setsockopt user input
CVE-2024-35968pds_core: Fix pdsc_check_pci_health function to use work thread
CVE-2024-35967Bluetooth: SCO: Fix not validating setsockopt user input
CVE-2024-35963Bluetooth: hci_sock: Fix not validating setsockopt user input
CVE-2024-35971net: ks8851: Handle softirqs at the end of IRQ thread to fix hang
CVE-2024-35970af_unix: Clear stale u->oob_skb.
CVE-2024-35973geneve: fix header validation in geneve[6]_xmit_skb
CVE-2024-35972bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()
CVE-2024-35974block: fix q->blkg_list corruption during disk rebind
CVE-2024-35975octeontx2-pf: Fix transmit scheduler resource leak
CVE-2024-35976xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
CVE-2024-35977platform/chrome: cros_ec_uart: properly fix race condition
CVE-2024-35979raid1: fix use-after-free for original bio in raid1_write_request()

Showing top 20 of 62 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2024-35957

No comments yet

Leave a comment