CVE-2024-26813

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a NULL pointer dereference in the vfio-platform component of the Linux kernel. This occurs when the vfio-platform SET IRQS ioctl allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user. To resolve this, the kernel now registers all IRQs in a disabled state in the device open path, allowing mask operations on the IRQ to nest within the overall enable state governed by a valid eventfd signal. This change decouples @masked from @trigger, ensuring that changes to @trigger cannot race the IRQ handlers. The request irq() failures are maintained to be local to the SET IRQS ioctl, preventing fatal errors in the open device path and allowing userspace drivers with polling mode support to continue working.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.