SB20240608228 - Improper locking in Linux kernel vfio pci driver
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240608228
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2024-26812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3
- https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e
- https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834
- https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d237432ed034
- https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d
- https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c
- https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899
- https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215