CVE-2024-53232: iommu/s390: Implement blocking domain
First published: Fri Dec 27 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug __iommu_group_set_domain_nofail() attaching the default domain fails when the platform no longer recognizes the device as it has already been removed and we end up with a NULL domain pointer and UAF. This is exactly the case referred to in the second comment in __iommu_device_set_domain() and just as stated there if we can instead attach the blocking domain the UAF is prevented as this can handle the already removed device. Implement the blocking domain to use this handling. With this change, the crash is fixed but we still hit a warning attempting to change DMA ownership on a blocked device.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Kernel-devel | ||
| Linux Kernel | >=6.7<6.11.11 | |
| Linux Kernel | >=6.12<6.12.2 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.21-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/3be34fa1cdbf180c1a948cfededfdf2cdc497199
- https://git.kernel.org/stable/c/bd89d94f3ea6fdaee983cbc69226a00b9bde6d59
- https://git.kernel.org/stable/c/ecda483339a5151e3ca30d6b82691ef6f1d17912
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53232
- https://nvd.nist.gov/vuln/detail/CVE-2024-53232
- https://launchpad.net/bugs/cve/CVE-2024-53232
- https://security-tracker.debian.org/tracker/CVE-2024-53232
- https://ubuntu.com/security/CVE-2024-53232
- https://git.kernel.org/linus/ecda483339a5151e3ca30d6b82691ef6f1d17912
Frequently Asked Questions
What is the severity of CVE-2024-53232?
CVE-2024-53232 has been classified as a medium severity vulnerability affecting certain versions of the Linux kernel.
How do I fix CVE-2024-53232?
To fix CVE-2024-53232, you should upgrade to a patched version of the Linux kernel such as 5.10.223-1, 6.1.123-1, or 6.12.12-1.
What systems are affected by CVE-2024-53232?
CVE-2024-53232 affects Linux kernel versions from 6.7 up to 6.11.11 and versions from 6.12 to 6.12.2.
What is the impact of CVE-2024-53232?
The impact of CVE-2024-53232 is a crash that occurs when a PCI device is unexpectedly unplugged from the system.
Is there a workaround for CVE-2024-53232?
Currently, the recommended approach is to apply the available patches, as no specific workaround has been provided for CVE-2024-53232.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/tags
- agent/description
- agent/event
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/red hat kernel-devel
- canonical/linux kernel
- version/linux kernel/6.7
- version/linux kernel/6.12
- package-manager/debian