PT-2024-21465 · Linux+5 · Linux Kernel+5
Andrew Panyakin +1 · Published 2024-01-24 · Updated 2024-11-05
CVE-2024-26687
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces")
Description
The issue arises from incorrect lock ordering in the Linux kernel's xen/events module. Specifically, shutdown_pirq and startup_pirq do not take the irq_mapping_update_lock, because doing so would cause a lock inversion, and this leads to potential races. For instance, shutdown_pirq can be interrupted by a function allocating an event channel, causing the evtchn-to-irq mapping to become invalid. Similarly, startup_pirq can race with unbind_from_irq, potentially unsetting the mapping for an allocated event channel. This vulnerability can lead to a kernel BUG during the probing of NVMe devices, particularly when multiple devices are present, which increases the likelihood of hitting the race condition during boot.
Recommendations
To resolve this issue, apply the fix that modifies the internal [un]bind interfaces in the xen/events module, ensuring that the mappings are cleaned up before the event channel is closed. This fix is included in the commit 3fcdaf3d7634. Update the Linux kernel to a version that includes this commit or later to mitigate the vulnerability.
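The shutdown race and the reordering described above, replayed as a deterministic single-threaded model. This is an added example, not kernel code: the `model_*` functions, the four-port table and the lowest-free-port allocation (so a closed port is handed to the next bind) are assumptions made for illustration.

```c
#include <stdio.h>

#define NR_PORTS 4
#define NO_IRQ  (-1)

static int port_in_use[NR_PORTS];    /* model: hypervisor-side port state */
static int evtchn_to_irq[NR_PORTS];  /* model: guest port -> irq mapping */

/* Allocate the lowest free port and map it to irq (the concurrent path). */
static int model_bind(int irq)
{
    for (int p = 0; p < NR_PORTS; p++) {
        if (!port_in_use[p]) {
            port_in_use[p] = 1;
            evtchn_to_irq[p] = irq;
            return p;
        }
    }
    return -1;
}

/* Tear down old_irq's port while new_irq is bound between the two teardown
 * steps; returns what new_irq's port maps to afterwards. */
static int model_shutdown_race(int cleanup_first, int old_irq, int new_irq)
{
    for (int p = 0; p < NR_PORTS; p++) {   /* reset the model */
        port_in_use[p] = 0;
        evtchn_to_irq[p] = NO_IRQ;
    }
    int old_port = model_bind(old_irq);
    int new_port;
    if (cleanup_first) {
        evtchn_to_irq[old_port] = NO_IRQ;  /* fixed order: drop mapping first */
        new_port = model_bind(new_irq);    /* window: old port still open, not reused */
        port_in_use[old_port] = 0;         /* then close the channel */
    } else {
        port_in_use[old_port] = 0;         /* old order: close first */
        new_port = model_bind(new_irq);    /* window: the closed port is reused */
        evtchn_to_irq[old_port] = NO_IRQ;  /* late cleanup wipes the new mapping */
    }
    return evtchn_to_irq[new_port];
}

int main(void)
{
    printf("close, then cleanup: new irq's port maps to %d\n", model_shutdown_race(0, 10, 11));
    printf("cleanup, then close: new irq's port maps to %d\n", model_shutdown_race(1, 10, 11));
    return 0;
}
```

With the old ordering the newly bound irq ends up with no mapping for its port, which is the invalid evtchn-to-irq state the description refers to; with the mapping cleaned up first, the concurrent bind cannot receive the port until it is actually closed.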
Exploit
Fix
Race Condition
Related Identifiers
Affected Products
Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu