Alex Williamson

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the vfio-platform component of the Linux kernel. This occurs when the vfio-platform SET IRQS ioctl allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user. To resolve this, the kernel now registers all IRQs in a disabled state in the device open path, allowing mask operations on the IRQ to nest within the overall enable state governed by a valid eventfd signal. This change decouples `@masked` from `@trigger`, ensuring that changes to `@trigger` cannot race the IRQ handlers. The `request irq()` failures are maintained to be local to the SET IRQS ioctl, preventing fatal errors in the open device path and allowing userspace drivers with polling mode support to continue working. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.10, 4.14, and 4.18 **Description** A flaw in the Linux kernel's vfio interface implementation allows for the violation of a user's locked memory limit, potentially causing system memory exhaustion and a denial of service (DoS). This issue can be exploited if a device is bound to a vfio driver and the attacker has administrative ownership of the device. **Recommendations** For version 3.10, update to a fixed version to resolve the issue. For version 4.14, update to a fixed version to resolve the issue. For version 4.18, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to vfio drivers, such as vfio-pci, to minimize the risk of exploitation.