Venkat Rao Bagalkote

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.8.0-rc3-autotest-g99bd3cb0d12e **Description** A vulnerability in the Linux kernel has been resolved, specifically in the powerpc/iommu component. The issue arises from a missing call to `iommu group put()` during platform domain attachment when the domain is already set. This refcount leak is evident during DLPAR remove operations, resulting in a kernel bug. The patch adds the missing `iommu group put()` call to rectify this issue. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the patch for the missing `iommu group put()` call. Specifically, update to a version later than 6.8.0-rc3-autotest-g99bd3cb0d12e. As a temporary workaround, consider disabling the `spapr tce platform iommu attach dev()` function until a patch is available. However, this workaround may have unintended consequences and should be used with caution.