CVE-2024-27437: Linux Kernel Vulnerability - Disabling Auto-enable of Exclusive INTx IRQ in VFIO/PCI

A vulnerability in the Linux kernel's VFIO/PCI subsystem (CVE-2024-27437) has been resolved. The fix disables the auto-enable of the exclusive INTx IRQ so that the interrupt can no longer fire in a window that leaves the IRQ permanently disabled for the user.

Background

The Linux kernel, the core of the Linux operating system, manages the hardware, memory, and processes of a system, so vulnerabilities in it can pose significant security risks. The VFIO/PCI subsystem manages device access through Virtual Function I/O (VFIO), the interface that gives user space direct access to peripheral devices such as GPUs and NICs, typically for device assignment to virtual machines.

Vulnerability

In the VFIO/PCI subsystem, devices that require masking at the irqchip for INTx (i.e. devices without DisINTx support) had their IRQ (Interrupt Request) enabled by request_irq() and then disabled afterwards, as necessary, to match the masked status flag. This leaves a window in which the interrupt can fire between the two events, so the handler's own disable plus the subsequent disable increment the IRQ's disable depth twice. The situation is unrecoverable for the user, because the masked flag prevents nested enables through vfio: a single unmask clears the flag but only decrements the depth once, leaving the IRQ disabled.

Exploit Details

The vulnerability is a race rather than a memory-safety bug: the interrupt can fire between request_irq() enabling the IRQ and the subsequent disable, causing the disable depth to be incremented twice. Because the masked flag prevents further nested enables through VFIO, the user cannot bring the interrupt back, which is a denial of service for the assigned device.

Resolution / Patch

To address this vulnerability, the logic was inverted using the IRQF_NO_AUTOEN flag: the exclusive INTx IRQ is never auto-enabled by request_irq(), and it is enabled (unmasked) afterwards only if the user has not masked it. Because the IRQ starts out disabled, there is no window in which the interrupt can fire before the masked state is applied, so the unrecoverable double-disable described above cannot occur.

A simplified snippet illustrating the fix (the unmask helper name is illustrative, not the kernel's):

// Before: request_irq() with no flags auto-enables the IRQ, and the
// code then disables it again if the user had it masked. An interrupt
// firing in between leaves the disable depth at two.
request_irq(irq, vfio_intx_interrupt, 0, "vfio-intx", vdev);

// After: with IRQF_NO_AUTOEN the exclusive INTx IRQ stays disabled
// after request_irq(), so nothing can fire before the mask state is applied.
request_irq(irq, vfio_intx_interrupt, IRQF_NO_AUTOEN, "vfio-intx", vdev);

// Enable the IRQ only if the user has not masked it (done under the irqlock
// in the real code).
unmask_vfio_irq(vdev);
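To make the race in the Vulnerability section and the effect of the IRQF_NO_AUTOEN change concrete, here is an added user-space model of the disable-depth bookkeeping. It is not kernel code and not part of the original advisory: request_irq, disable_irq_nosync, enable_irq, the masked flag and the flag value are simplified stand-ins that mimic the kernel's semantics (an IRQ is delivered only while its disable depth is zero, and each disable increments the depth). The function remaining_depth() runs one setup path, lets the device try to fire in the window, then unmasks repeatedly the way a user would, and returns the depth left over.

```c
/* Added example: a model of the IRQ disable-depth race behind CVE-2024-27437.
 * Not kernel code; all names below are simplified stand-ins for the VFIO
 * pattern described in the advisory. */
#include <stdbool.h>
#include <stdio.h>

/* Model of a Linux IRQ line: delivered only while the disable depth is 0. */
struct irq_line {
    int depth;
};

/* Model of vfio's per-IRQ context for exclusive INTx (no DisINTx). */
struct intx_ctx {
    bool masked;            /* VFIO's own view of the mask state */
    struct irq_line *irq;
};

#define IRQF_NO_AUTOEN 0x1  /* stand-in value; the real flag is a kernel bit */

static void disable_irq_nosync(struct irq_line *l) { l->depth++; }
static void enable_irq(struct irq_line *l) { if (l->depth > 0) l->depth--; }

/* Exclusive INTx handler: mask at the irqchip and remember that we did. */
static void vfio_intx_handler(struct intx_ctx *ctx)
{
    disable_irq_nosync(ctx->irq);
    ctx->masked = true;
}

/* The device can only raise the line while the line is enabled. */
static bool try_fire(struct intx_ctx *ctx)
{
    if (ctx->irq->depth != 0)
        return false;
    vfio_intx_handler(ctx);
    return true;
}

/* request_irq(): auto-enables the line unless IRQF_NO_AUTOEN is passed. */
static void request_irq(struct irq_line *l, unsigned long flags)
{
    l->depth = (flags & IRQF_NO_AUTOEN) ? 1 : 0;
}

/* Pre-fix setup: request (auto-enabled), then disable again if masked. */
static void setup_buggy(struct intx_ctx *ctx, bool fire_in_window)
{
    request_irq(ctx->irq, 0);
    if (fire_in_window)
        try_fire(ctx);              /* the race window: handler disables once */
    if (ctx->masked)
        disable_irq_nosync(ctx->irq); /* ... and setup disables a second time */
}

/* Post-fix setup: request disabled, then enable only if not masked. */
static void setup_fixed(struct intx_ctx *ctx, bool fire_in_window)
{
    request_irq(ctx->irq, IRQF_NO_AUTOEN);
    if (fire_in_window)
        try_fire(ctx);              /* cannot fire: the line is still disabled */
    if (!ctx->masked)
        enable_irq(ctx->irq);
}

/* The user's unmask path: enables only when vfio believes the line is masked,
 * so it can never nest enables. */
static void vfio_intx_unmask(struct intx_ctx *ctx)
{
    if (ctx->masked) {
        enable_irq(ctx->irq);
        ctx->masked = false;
    }
}

/* Run one scenario and return the disable depth left after the user unmasks
 * repeatedly; 0 means the device can deliver interrupts again. */
int remaining_depth(bool fixed, bool initially_masked, bool fire_in_window)
{
    struct irq_line line = { .depth = 0 };
    struct intx_ctx ctx = { .masked = initially_masked, .irq = &line };

    if (fixed)
        setup_fixed(&ctx, fire_in_window);
    else
        setup_buggy(&ctx, fire_in_window);

    for (int i = 0; i < 3; i++)     /* only the first unmask can do anything */
        vfio_intx_unmask(&ctx);
    return line.depth;
}

int main(void)
{
    printf("buggy, fire in window : depth %d (stuck)\n",
           remaining_depth(false, false, true));
    printf("buggy, no fire        : depth %d\n",
           remaining_depth(false, false, false));
    printf("fixed, fire attempted : depth %d\n",
           remaining_depth(true, false, true));
    return 0;
}
```

The model shows why the masked flag makes the bug unrecoverable: after the double disable, the first unmask clears the flag and decrements the depth from two to one, and every later unmask is a no-op, so the line never returns to depth zero. With IRQF_NO_AUTOEN the line starts disabled, try_fire() can never succeed before the mask state is applied, and the depth ends at zero in every scenario.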

Reference(s)

- Original commit
- Linux kernel source

Conclusion

The resolution of this vulnerability (CVE-2024-27437) improves the security and reliability of the Linux kernel. By disabling the auto-enable of the exclusive INTx IRQ in the VFIO/PCI subsystem, users no longer risk an unrecoverable situation in which the IRQ's disable depth is incremented twice. System administrators and users are advised to update their Linux kernel to a version that includes this fix.

Timeline

Published on: 04/05/2024 09:15:09 UTC
Last modified on: 06/25/2024 21:15:58 UTC