PT-2024-7720 · Linux+6 · Linux Kernel+6
Published: 2024-02-19 · Updated: 2025-09-29 · CVE-2024-27437
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to errors in resource management within the vfio_intx_set_signal() function of the Linux kernel's vfio/pci component. This could allow an attacker to cause a denial of service. The problem arises in the handling of interrupts for devices that require masking at the irqchip for INTx, specifically those without DisINTx support. The IRQ is enabled in request_irq() and then disabled as necessary, which leaves a window in which the interrupt can fire. If it does, the IRQ's disable depth is incremented twice, which is unrecoverable for a user because the masked flag prevents nested enables through vfio. The solution inverts the logic using IRQF_NO_AUTOEN so that exclusive INTx is never auto-enabled and is then unmasked as required.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
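The disable-depth accounting from the Description, as an added user-space model that is not kernel code and not part of the original entry. The struct, the function names and the handler behaviour (mask at the irqchip and set the masked flag) are assumptions made for illustration.

```c
#include <stdbool.h>

/* Constructed toy model of the state involved; not the kernel's data structures. */
struct irq_model {
    int  depth;   /* irqchip disable depth: the line is live only at 0 */
    bool masked;  /* vfio's "masked" flag for the INTx context */
};

/* Assumed handler for a device without DisINTx: mask at the irqchip, record it. */
static void intx_handler(struct irq_model *m)
{
    if (m->depth == 0) {          /* an interrupt can only fire while enabled */
        m->depth++;
        m->masked = true;
    }
}

/* Old ordering: request_irq() auto-enables, then "disabled as necessary". */
static void setup_autoen(struct irq_model *m, bool fires_in_window)
{
    m->depth = 0;                 /* auto-enabled at request time */
    if (fires_in_window)
        intx_handler(m);          /* the window: depth 1, masked = true */
    if (m->masked)
        m->depth++;               /* second increment of the disable depth */
}

/* Fixed ordering: IRQF_NO_AUTOEN, then unmask only if required. */
static void setup_no_autoen(struct irq_model *m, bool fires_in_window)
{
    m->depth = 1;                 /* never auto-enabled */
    if (fires_in_window)
        intx_handler(m);          /* no-op: the line is still disabled */
    if (!m->masked)
        m->depth--;
}

/* Unmask through vfio: a single enable, and only while the flag is set. */
static void user_unmask(struct irq_model *m)
{
    if (m->masked) { m->depth--; m->masked = false; }
}

/* Disable depth left after setup and two user unmask attempts (0 = usable). */
static int final_depth(bool fixed, bool initially_masked, bool fires)
{
    struct irq_model m = { .depth = 1, .masked = initially_masked };
    if (fixed) setup_no_autoen(&m, fires); else setup_autoen(&m, fires);
    user_unmask(&m);
    user_unmask(&m);
    return m.depth;
}
```

A non-zero result from final_depth() is the stuck state: the masked flag is already clear, so further unmask requests never reach the remaining disable count.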
Affected Products
Astra Linux
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu