CVE-2024-27437

Summary

In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: Disable auto-enable of exclusive INTx IRQ

Currently for devices requiring masking at the irqchip for INTx, ie. devices without DisINTx support, the IRQ is enabled in request_irq() and subsequently disabled as necessary to align with the masked status flag. This presents a window where the interrupt could fire between these events, resulting in the IRQ incrementing the disable depth twice. This would be unrecoverable for a user since the masked flag prevents nested enables through vfio.

Instead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx is never auto-enabled, then unmask as required.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 < 26389925d6c2126fb777821a0a983adca7ee6351affected
LinuxLinux89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 < 561d5e1998d58b54ce2bbbb3e843b669aa0b3db5affected
LinuxLinux89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 < b7a2f0955ffceffadfe098b40b50307431f45438affected
LinuxLinux89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 < 139dfcc4d723ab13469881200c7d80f49d776060affected
LinuxLinux89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 < 2a4a666c45107206605b7b5bc20545f8aabc4fa2affected
LinuxLinux89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 < 3b3491ad0f80d913e7d255941d4470f4a4d9bfdaaffected
LinuxLinux89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 < bf0bc84a20e6109ab07d5dc072067bd01eb931ecaffected
LinuxLinux89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 < fe9a7082684eb059b925c535682e68c34d487d43affected
LinuxLinux3.6affected
LinuxLinux0 < 3.6unaffected
LinuxLinux5.4.274 <= 5.4.*unaffected
LinuxLinux5.10.215 <= 5.10.*unaffected
LinuxLinux5.15.154 <= 5.15.*unaffected
LinuxLinux6.1.84 <= 6.1.*unaffected
LinuxLinux6.6.24 <= 6.6.*unaffected
LinuxLinux6.7.12 <= 6.7.*unaffected
LinuxLinux6.8.3 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References