PT-2024-7287 · Linux+1 · Linux Kernel+1
Brian King
+1
·
Published
2024-02-19
·
Updated
2025-01-07
·
CVE-2024-26738
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.7.0-203405+
Description:
The issue is related to the powerpc/pseries/iommu component of the Linux kernel. When a PCI device is dynamically added, the kernel experiences a NULL pointer dereference, leading to a crash. This occurs because the
iommu device structure is not properly initialized during the DLPAR add process. The fix involves registering the iommu device during DLPAR add.Recommendations:
To resolve this issue, update the Linux kernel to a version that includes the fix for the powerpc/pseries/iommu component. Specifically, ensure that the kernel version is 6.7.0-203405+ or later. As a temporary workaround, consider disabling the dynamic addition of PCI devices until the kernel can be updated.
Exploit
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Red Os