PT-2024-21482 · Linux · Linux Kernel

Venkat Rao Bagalkote · Published 2024-02-14 · Updated 2025-01-13 · CVE-2024-26709

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.8.0-rc3-autotest-g99bd3cb0d12e

Description

A vulnerability in the powerpc/iommu component of the Linux kernel has been resolved. The issue is a missing call to iommu_group_put() during platform domain attachment when the domain is already set. The resulting refcount leak shows up during DLPAR remove operations and triggers a kernel bug. The patch adds the missing iommu_group_put() call.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the patch for the missing iommu_group_put() call. Specifically, update to a version later than 6.8.0-rc3-autotest-g99bd3cb0d12e. As a temporary workaround, consider disabling the spapr_tce_platform_iommu_attach_dev() function until a patch is available. However, this workaround may have unintended consequences and should be used with caution.
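
The refcount leak from the Description, as an added user-space C model (not kernel source and not the upstream patch). The struct, helper and function names are constructed stand-ins, and the early-return shape of the "before" path is an assumption based on the Description's wording.

```c
/* Added user-space model; constructed names, not kernel source. */
#include <stdio.h>

struct group { int refs; const void *domain; };  /* stand-in for an IOMMU group */

static struct group *group_get(struct group *g) { g->refs++; return g; }
static void group_put(struct group *g) { g->refs--; }

/* Assumed 'before' shape: the early return skips the put. */
static int attach_leaky(struct group *g, const void *dom)
{
    struct group *grp = group_get(g);

    if (grp->domain == dom)
        return 0;            /* domain already set: reference leaked */
    grp->domain = dom;
    group_put(grp);
    return 0;
}

/* Fixed shape: every exit path drops the reference it took. */
static int attach_fixed(struct group *g, const void *dom)
{
    struct group *grp = group_get(g);

    if (grp->domain != dom)
        grp->domain = dom;
    group_put(grp);
    return 0;
}

/* Attach the same domain n times; return references left above the owner's. */
static int leaked_refs(int (*attach)(struct group *, const void *), int n)
{
    static const int platform_domain = 0;       /* constructed sample domain */
    struct group g = { .refs = 1, .domain = NULL };

    for (int i = 0; i < n; i++)
        attach(&g, &platform_domain);
    return g.refs - 1;
}

int main(void)
{
    printf("leaky: %d leaked, fixed: %d leaked\n",
           leaked_refs(attach_leaky, 4), leaked_refs(attach_fixed, 4));
    return 0;
}
```

Any teardown path that expects the count to be back at the owner's single reference, as a device removal would, fails on the leaky variant after the second attach.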

Related Identifiers

BDU:2025-04399
CVE-2024-26709

Affected Products

Linux Kernel