SB20240608157 - Improper locking in Linux kernel dma idxd driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2024-35991)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the process_evl_entries() function in drivers/dma/idxd/irq.c, within the idxd_init_evl() function in drivers/dma/idxd/init.c, within the idxd_device_evl_setup() and idxd_device_evl_free() functions in drivers/dma/idxd/device.c, within the debugfs_evl_show() function in drivers/dma/idxd/debugfs.c, within the idxd_cdev_evl_drain_pasid() function in drivers/dma/idxd/cdev.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/758071a35d9f3ffd84ff12169d081412a2f5f098
• https://git.kernel.org/stable/c/c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f
• https://git.kernel.org/stable/c/d5638de827cff0fce77007e426ec0ffdedf68a44
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.30