CVE-2024-26713

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.7.0-203405+

Description The Linux kernel has a vulnerability that causes a NULL pointer dereference when a PCI device is dynamically added. This occurs because the iommu device structure is not properly initialized during the DLPAR add process. The vulnerability is caused by a commit that added iommu ops to report capabilities and allow blocking domains, which broke the DLPAR add functionality.

Recommendations To resolve this issue, register the iommu device during DLPAR add as well. This can be done by calling the iommu device register() function during the DLPAR add process, ensuring that the iommu device structure is properly initialized.

Note: The provided information does not specify the exact versions that are vulnerable or the versions that contain the fix. However, based on the given data, it appears that Linux kernel version 6.7.0-203405+ is affected.