Gaurav Batra

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.0-203405+ Description: The issue is related to the powerpc/pseries/iommu component of the Linux kernel. When a PCI device is dynamically added, the kernel experiences a NULL pointer dereference, leading to a crash. This occurs because the `iommu device` structure is not properly initialized during the DLPAR add process. The fix involves registering the iommu device during DLPAR add. Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for the powerpc/pseries/iommu component. Specifically, ensure that the kernel version is 6.7.0-203405+ or later. As a temporary workaround, consider disabling the dynamic addition of PCI devices until the kernel can be updated.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.8.0-rc4 **Description** The vulnerability is caused by the incorrect spelling of a function name in the RTAS function table, leading to failed reverse lookups and warnings. The PAPR spec spells the function name as "ibm,reset-pe-dma-windows", but the firmware uses the singular form "ibm,reset-pe-dma-window". This mismatch causes issues when lockdep is enabled or the RTAS tracepoints are active, as these paths dereference the result of the lookup. **Recommendations** To resolve the issue, use the correct spelling of the function name to match the firmware's behavior, adjusting the related constants to match. Specifically, update the RTAS function table to use the correct spelling "ibm,reset-pe-dma-window" instead of "ibm,reset-pe-dma-windows". Note: The provided information does not specify the exact steps or patches required to fix the vulnerability for each affected version. However, based on the description, the resolution involves correcting the function name spelling in the RTAS function table.