CVE-2024-27079: Linux Kernel IOMMU/vt-d Vulnerability Fixed - NULL Domain on Device Release

Recently, a vulnerability has been discovered in the Linux kernel concerning the IOMMU/vt-d feature. This vulnerability is assigned the CVE identifier CVE-2024-27079. In this post, we will discuss the details of this vulnerability, referred to as the "NULL domain on device release" issue, and the steps taken to resolve it.

Background on IOMMU/vt-d

The IOMMU (Input-Output Memory Management Unit) support in the Linux kernel translates and restricts the memory accesses (DMA) that devices make, confining each device to the memory it has been granted and isolating devices from one another. The vt-d (Virtualization Technology for Directed I/O) component is the kernel's driver for Intel's IOMMU hardware.

Issue Description

The vulnerability arises in the kdump kernel, where the IOMMU operates in "deferred_attach" mode. In this mode, info->domain may not yet have been assigned by the time the release_device callback is called; the driver then dereferences a NULL domain pointer and the kernel crashes. The reported oops looks like the following:

BUG: kernel NULL pointer dereference, address: 000000000000003c
...
RIP: 001:do_raw_spin_lock+xa/xa
...
_raw_spin_lock_irqsave+x1b/x30
intel_iommu_release_device+x96/x170
iommu_deinit_device+x39/xf
__iommu_group_remove_device+xa/xd
iommu_bus_notifier+x55/xb
notifier_call_chain+x5a/xd
blocking_notifier_call_chain+x41/x60
bus_notify+x34/x50
device_del+x269/x3d
pci_remove_bus_device+x77/x100
p2sb_bar+xae/x1d
...
i801_probe+x423/x740
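As an added example (not from the original post or from the kernel), here is a small Python triage helper that recognises this crash signature in dmesg or pstore text, so crash dumps collected from a kdump fleet can be checked for it. The log excerpt is constructed from the frames quoted above; its timestamps and offsets are invented.

```python
import re
from dataclasses import dataclass, field

# Constructed dmesg excerpt modelled on the oops quoted above (offsets invented); not a real capture.
SAMPLE_DMESG = """\
[    3.420001] BUG: kernel NULL pointer dereference, address: 000000000000003c
[    3.420030] RIP: 0010:do_raw_spin_lock+0xa/0xa0
[    3.420100] Call Trace:
[    3.420110]  _raw_spin_lock_irqsave+0x1b/0x30
[    3.420120]  intel_iommu_release_device+0x96/0x170
[    3.420130]  iommu_deinit_device+0x39/0xf0
[    3.420140]  __iommu_group_remove_device+0xa0/0xd0
[    3.420160]  device_del+0x269/0x3d0
[    3.420180]  p2sb_bar+0xae/0x1d0
[    3.420190]  i801_probe+0x423/0x740
[    4.000000] kdump: saving vmcore complete
"""

BUG_RE = re.compile(r"BUG: kernel NULL pointer dereference, address: (?:0x)?([0-9a-f]+)")
RIP_RE = re.compile(r"RIP: \w+:([A-Za-z_]\w*)\+")
FRAME_RE = re.compile(r"^\[[^\]]*\]\s+(?:\?\s+)?([A-Za-z_]\w*)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")
# Frames that, in this order, mark the device-release path of the quoted trace.
SIGNATURE = ("intel_iommu_release_device", "iommu_deinit_device", "__iommu_group_remove_device")

@dataclass
class Oops:
    address: str                  # fault address; a small value is a field offset from a NULL struct pointer
    rip_symbol: str = ""          # symbol the RIP line points into
    frames: list[str] = field(default_factory=list)

    def matches_cve_2024_27079(self) -> bool:
        # Fault in the spinlock helper with the release-path frames present as an ordered subsequence.
        it = iter(self.frames)
        return self.rip_symbol == "do_raw_spin_lock" and all(sym in it for sym in SIGNATURE)

def parse_oopses(log: str) -> list[Oops]:
    """Split dmesg/pstore text into one Oops record per NULL-dereference BUG line."""
    oopses, cur = [], None
    for line in log.splitlines():
        if m := BUG_RE.search(line):
            cur = Oops(address=m.group(1))
            oopses.append(cur)
        elif cur is None:
            continue
        elif m := RIP_RE.search(line):
            cur.rip_symbol = m.group(1)
        elif m := FRAME_RE.match(line):
            cur.frames.append(m.group(1))
        elif cur.frames:
            cur = None            # first non-frame line after the call trace closes this record
    return oopses
```

A match only says the crash has this shape; confirm the kernel version against the fix before closing the ticket.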

Resolution

The kernel developers fixed this by switching the driver to the IOMMU core's release_domain mechanism. The release_device() callback itself now only clears the scalable-mode context entry, which is not part of the release domain, so it no longer depends on info->domain having been assigned.

Conclusion

The Linux kernel's IOMMU/vt-d vulnerability CVE-2024-27079 highlights the importance of continuous vigilance and improvement in ensuring the security and stability of the Linux kernel. The kernel development team's quick response to address this issue demonstrates their commitment to user and system security. It is essential for Linux users to keep their systems up-to-date and maintain awareness of ongoing security improvements in the kernel.

Timeline

Published on: 05/01/2024 13:15:51 UTC
Last modified on: 12/19/2024 08:53:59 UTC