Vulnerabilities > CVE-2024-40945 - NULL Pointer Dereference vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA. In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will return an error, and the device drivers won't call iommu_sva_bind_device() at all.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998
- https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998
- https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e
- https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e
- https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8
- https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8
- https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6
- https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6
- https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e
- https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e
- https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e
- https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e