CVE-2024-57999

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A vulnerability in the Linux kernel has been identified, specifically in the powerpc/pseries/iommu module. The issue arises when the Power Hypervisor allocates an MMIO window that intersects with the Dynamic DMA Window (DDW) range, which exceeds 32-bit addressing. As a result, the IOMMU incorrectly marks the MMIO range, leading to the kernel attempting to map DMA buffers in this range. This can cause the system to crash during boot, resulting in an Oops error. The vulnerability is attributed to two main issues: the index being an integer while the address is an unsigned long, resulting in negative values when setting the bitmap, and the DMA offset being page-shifted while the MMIO range is used as-is, requiring the MMIO address to be page-shifted as well.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. As a temporary workaround, consider disabling the iommu table reserve pages() function until a patch is available. Restrict access to the vulnerable iommu init table() function to minimize the risk of exploitation. Avoid using the dma iommu dma supported() function in conjunction with the affected iommu bypass supported pSeriesLP() function until the issue is resolved.