PT-2024-32226 · Linux+4 · Linux Kernel+4

Published

2024-06-28

Updated

2025-09-29

CVE-2024-46824

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc7-gde77230ac23a

Description The issue is related to the iommufd component in the Linux kernel, which requires drivers to supply the cache invalidate user ops. If drivers do not implement this operation, iommufd may encounter invalidation ioctls, resulting in a kernel NULL pointer dereference. The error is characterized by an Internal error: Oops message, followed by a call trace that includes the iommufd hwpt invalidate and iommufd fops ioctl functions. All existing drivers implement this op for nesting, and this fix is mostly a bisection aid.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2024:9605

ALSA-2025_16880

BDU:2025-05972

CVE-2024-46824

INFSA-2024_9605

OESA-2024-2367

RHSA-2024:9605

RHSA-2024_9605

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7196-1

Affected Products

Almalinux

Linuxmint

Linux Kernel

Red Hat

Ubuntu

PT-2024-32226 · Linux+4 · Linux Kernel+4

CVE-2024-46824

Weakness Enumeration

Related Identifiers

Affected Products

References · 770