PT-2024-9019 · Linux+7 · Linux Kernel+7
Published
2024-05-30
·
Updated
2025-09-29
·
CVE-2024-36926
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.37
Description:
The vulnerability is related to a NULL pointer dereference in the powerpc/pseries/iommu component of the Linux kernel. This occurs when the partition firmware does not provide the
ibm,dma-window property for a PE (Processing Element) at boot time, which can happen if the firmware has frozen the PE due to an error condition. As a result, the LPAR (Logical Partition) may panic during boot up with a NULL pointer dereference when configuring the PCI bus.Technical details about exploitation include:
- The
pci dma bus setup pSeriesLPfunction is involved in the vulnerability. - The issue arises when the
ibm,dma-windowproperty is missing for a PE. - The vulnerability leads to a kernel NULL pointer dereference on read at address 0x000000c8.
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.37 or later.
As a temporary workaround, consider disabling the
pci dma bus setup pSeriesLP function until a patch is available.
Restrict access to the vulnerable powerpc/pseries/iommu component to minimize the risk of exploitation.Exploit
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu