cve-2024-26891
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2024-12-19 08:49
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hotplug capable ports, users could request a hot reset to the device by flapping device's link through setting the slot's link control register, as pciehp_ist() DLLSC interrupt sequence response, pciehp will unload the device driver and then power it off. thus cause an IOMMU device-TLB invalidation (Intel VT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence target device to be sent and deadly loop to retry that request after ITE fault triggered in interrupt context. That would cause following continuous hard lockup warning and system hang [ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down [ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present [ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144 [ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S OE kernel version xxxx [ 4223.822623] Hardware name: vendorname xxxx 666-106, BIOS 01.01.02.03.01 05/15/2023 [ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490 [ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 <40> f6 c6 1 0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39 [ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093 [ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005 [ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340 [ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000 [ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200 [ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004 [ 4223.822626] FS: 0000000000000000(0000) GS:ffffa237ae400000(0000) knlGS:0000000000000000 [ 4223.822627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0 [ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 4223.822628] PKRU: 55555554 [ 4223.822628] Call Trace: [ 4223.822628] qi_flush_dev_iotlb+0xb1/0xd0 [ 4223.822628] __dmar_remove_one_dev_info+0x224/0x250 [ 4223.822629] dmar_remove_one_dev_info+0x3e/0x50 [ 4223.822629] intel_iommu_release_device+0x1f/0x30 [ 4223.822629] iommu_release_device+0x33/0x60 [ 4223.822629] iommu_bus_notifier+0x7f/0x90 [ 4223.822630] blocking_notifier_call_chain+0x60/0x90 [ 4223.822630] device_del+0x2e5/0x420 [ 4223.822630] pci_remove_bus_device+0x70/0x110 [ 4223.822630] pciehp_unconfigure_device+0x7c/0x130 [ 4223.822631] pciehp_disable_slot+0x6b/0x100 [ 4223.822631] pciehp_handle_presence_or_link_change+0xd8/0x320 [ 4223.822631] pciehp_ist+0x176/0x180 [ 4223.822631] ? irq_finalize_oneshot.part.50+0x110/0x110 [ 4223.822632] irq_thread_fn+0x19/0x50 [ 4223.822632] irq_thread+0x104/0x190 [ 4223.822632] ? irq_forced_thread_fn+0x90/0x90 [ 4223.822632] ? irq_thread_check_affinity+0xe0/0xe0 [ 4223.822633] kthread+0x114/0x130 [ 4223.822633] ? __kthread_cancel_work+0x40/0x40 [ 4223.822633] ret_from_fork+0x1f/0x30 [ 4223.822633] Kernel panic - not syncing: Hard LOCKUP [ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S OE kernel version xxxx [ 4223.822634] Hardware name: vendorname xxxx 666-106, BIOS 01.01.02.03.01 05/15/2023 [ 4223.822634] Call Trace: [ 4223.822634] <NMI> [ 4223.822635] dump_stack+0x6d/0x88 [ 4223.822635] panic+0x101/0x2d0 [ 4223.822635] ? ret_from_fork+0x11/0x30 [ 4223.822635] nmi_panic.cold.14+0xc/0xc [ 4223.822636] watchdog_overflow_callback.cold.8+0x6d/0x81 [ 4223.822636] __perf_event_overflow+0x4f/0xf0 [ 4223.822636] handle_pmi_common ---truncated---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Impacted products
Vendor Product Version
Linux Linux Version: 5.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26891",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:41:17.252617Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:47:46.218Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/intel/pasid.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f873b85ec762c5a6abe94a7ddb31df5d3ba07d85",
              "status": "affected",
              "version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
              "versionType": "git"
            },
            {
              "lessThan": "d70f1c85113cd8c2aa8373f491ca5d1b22ec0554",
              "status": "affected",
              "version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
              "versionType": "git"
            },
            {
              "lessThan": "34a7b30f56d30114bf4d436e4dc793afe326fbcf",
              "status": "affected",
              "version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
              "versionType": "git"
            },
            {
              "lessThan": "2b74b2a92e524d7c8dec8e02e95ecf18b667c062",
              "status": "affected",
              "version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
              "versionType": "git"
            },
            {
              "lessThan": "c04f2780919f20e2cc4846764221f5e802555868",
              "status": "affected",
              "version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
              "versionType": "git"
            },
            {
              "lessThan": "025bc6b41e020aeb1e71f84ae3ffce945026de05",
              "status": "affected",
              "version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
              "versionType": "git"
            },
            {
              "lessThan": "4fc82cd907ac075648789cc3a00877778aa1838b",
              "status": "affected",
              "version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/intel/pasid.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Don\u0027t issue ATS Invalidation request when device is disconnected\n\nFor those endpoint devices connect to system via hotplug capable ports,\nusers could request a hot reset to the device by flapping device\u0027s link\nthrough setting the slot\u0027s link control register, as pciehp_ist() DLLSC\ninterrupt sequence response, pciehp will unload the device driver and\nthen power it off. thus cause an IOMMU device-TLB invalidation (Intel\nVT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence\ntarget device to be sent and deadly loop to retry that request after ITE\nfault triggered in interrupt context.\n\nThat would cause following continuous hard lockup warning and system hang\n\n[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down\n[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present\n[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144\n[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n         OE    kernel version xxxx\n[ 4223.822623] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490\n[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b\n 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 \u003c40\u003e f6 c6 1\n0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39\n[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093\n[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005\n[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340\n[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000\n[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200\n[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004\n[ 4223.822626] FS:  0000000000000000(0000) GS:ffffa237ae400000(0000)\nknlGS:0000000000000000\n[ 4223.822627] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0\n[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 4223.822628] PKRU: 55555554\n[ 4223.822628] Call Trace:\n[ 4223.822628]  qi_flush_dev_iotlb+0xb1/0xd0\n[ 4223.822628]  __dmar_remove_one_dev_info+0x224/0x250\n[ 4223.822629]  dmar_remove_one_dev_info+0x3e/0x50\n[ 4223.822629]  intel_iommu_release_device+0x1f/0x30\n[ 4223.822629]  iommu_release_device+0x33/0x60\n[ 4223.822629]  iommu_bus_notifier+0x7f/0x90\n[ 4223.822630]  blocking_notifier_call_chain+0x60/0x90\n[ 4223.822630]  device_del+0x2e5/0x420\n[ 4223.822630]  pci_remove_bus_device+0x70/0x110\n[ 4223.822630]  pciehp_unconfigure_device+0x7c/0x130\n[ 4223.822631]  pciehp_disable_slot+0x6b/0x100\n[ 4223.822631]  pciehp_handle_presence_or_link_change+0xd8/0x320\n[ 4223.822631]  pciehp_ist+0x176/0x180\n[ 4223.822631]  ? irq_finalize_oneshot.part.50+0x110/0x110\n[ 4223.822632]  irq_thread_fn+0x19/0x50\n[ 4223.822632]  irq_thread+0x104/0x190\n[ 4223.822632]  ? irq_forced_thread_fn+0x90/0x90\n[ 4223.822632]  ? irq_thread_check_affinity+0xe0/0xe0\n[ 4223.822633]  kthread+0x114/0x130\n[ 4223.822633]  ? __kthread_cancel_work+0x40/0x40\n[ 4223.822633]  ret_from_fork+0x1f/0x30\n[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP\n[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n         OE     kernel version xxxx\n[ 4223.822634] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822634] Call Trace:\n[ 4223.822634]  \u003cNMI\u003e\n[ 4223.822635]  dump_stack+0x6d/0x88\n[ 4223.822635]  panic+0x101/0x2d0\n[ 4223.822635]  ? ret_from_fork+0x11/0x30\n[ 4223.822635]  nmi_panic.cold.14+0xc/0xc\n[ 4223.822636]  watchdog_overflow_callback.cold.8+0x6d/0x81\n[ 4223.822636]  __perf_event_overflow+0x4f/0xf0\n[ 4223.822636]  handle_pmi_common\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:49:36.580Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85"
        },
        {
          "url": "https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554"
        },
        {
          "url": "https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062"
        },
        {
          "url": "https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868"
        },
        {
          "url": "https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05"
        },
        {
          "url": "https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b"
        }
      ],
      "title": "iommu/vt-d: Don\u0027t issue ATS Invalidation request when device is disconnected",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26891",
    "datePublished": "2024-04-17T10:27:44.061Z",
    "dateReserved": "2024-02-19T14:20:24.186Z",
    "dateUpdated": "2024-12-19T08:49:36.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26891\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-17T11:15:10.477\",\"lastModified\":\"2024-11-21T09:03:18.877\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\niommu/vt-d: Don\u0027t issue ATS Invalidation request when device is disconnected\\n\\nFor those endpoint devices connect to system via hotplug capable ports,\\nusers could request a hot reset to the device by flapping device\u0027s link\\nthrough setting the slot\u0027s link control register, as pciehp_ist() DLLSC\\ninterrupt sequence response, pciehp will unload the device driver and\\nthen power it off. thus cause an IOMMU device-TLB invalidation (Intel\\nVT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence\\ntarget device to be sent and deadly loop to retry that request after ITE\\nfault triggered in interrupt context.\\n\\nThat would cause following continuous hard lockup warning and system hang\\n\\n[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down\\n[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present\\n[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144\\n[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\\n         OE    kernel version xxxx\\n[ 4223.822623] Hardware name: vendorname xxxx 666-106,\\nBIOS 01.01.02.03.01 05/15/2023\\n[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490\\n[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b\\n 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 \u003c40\u003e f6 c6 1\\n0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39\\n[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093\\n[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005\\n[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340\\n[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000\\n[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200\\n[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004\\n[ 4223.822626] FS:  0000000000000000(0000) GS:ffffa237ae400000(0000)\\nknlGS:0000000000000000\\n[ 4223.822627] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0\\n[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\n[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\\n[ 4223.822628] PKRU: 55555554\\n[ 4223.822628] Call Trace:\\n[ 4223.822628]  qi_flush_dev_iotlb+0xb1/0xd0\\n[ 4223.822628]  __dmar_remove_one_dev_info+0x224/0x250\\n[ 4223.822629]  dmar_remove_one_dev_info+0x3e/0x50\\n[ 4223.822629]  intel_iommu_release_device+0x1f/0x30\\n[ 4223.822629]  iommu_release_device+0x33/0x60\\n[ 4223.822629]  iommu_bus_notifier+0x7f/0x90\\n[ 4223.822630]  blocking_notifier_call_chain+0x60/0x90\\n[ 4223.822630]  device_del+0x2e5/0x420\\n[ 4223.822630]  pci_remove_bus_device+0x70/0x110\\n[ 4223.822630]  pciehp_unconfigure_device+0x7c/0x130\\n[ 4223.822631]  pciehp_disable_slot+0x6b/0x100\\n[ 4223.822631]  pciehp_handle_presence_or_link_change+0xd8/0x320\\n[ 4223.822631]  pciehp_ist+0x176/0x180\\n[ 4223.822631]  ? irq_finalize_oneshot.part.50+0x110/0x110\\n[ 4223.822632]  irq_thread_fn+0x19/0x50\\n[ 4223.822632]  irq_thread+0x104/0x190\\n[ 4223.822632]  ? irq_forced_thread_fn+0x90/0x90\\n[ 4223.822632]  ? irq_thread_check_affinity+0xe0/0xe0\\n[ 4223.822633]  kthread+0x114/0x130\\n[ 4223.822633]  ? __kthread_cancel_work+0x40/0x40\\n[ 4223.822633]  ret_from_fork+0x1f/0x30\\n[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP\\n[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\\n         OE     kernel version xxxx\\n[ 4223.822634] Hardware name: vendorname xxxx 666-106,\\nBIOS 01.01.02.03.01 05/15/2023\\n[ 4223.822634] Call Trace:\\n[ 4223.822634]  \u003cNMI\u003e\\n[ 4223.822635]  dump_stack+0x6d/0x88\\n[ 4223.822635]  panic+0x101/0x2d0\\n[ 4223.822635]  ? ret_from_fork+0x11/0x30\\n[ 4223.822635]  nmi_panic.cold.14+0xc/0xc\\n[ 4223.822636]  watchdog_overflow_callback.cold.8+0x6d/0x81\\n[ 4223.822636]  __perf_event_overflow+0x4f/0xf0\\n[ 4223.822636]  handle_pmi_common\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu/vt-d: no emitir solicitud de invalidaci\u00f3n de ATS cuando el dispositivo est\u00e1 desconectado. Para aquellos dispositivos terminales que se conectan al sistema a trav\u00e9s de puertos con capacidad de conexi\u00f3n en caliente, los usuarios pueden solicitar un reinicio en caliente del dispositivo. Al agitar el enlace del dispositivo configurando el registro de control de enlace de la ranura, como respuesta de secuencia de interrupci\u00f3n DLLSC pciehp_ist(), pciehp descargar\u00e1 el controlador del dispositivo y luego lo apagar\u00e1. por lo tanto, causa una solicitud de invalidaci\u00f3n de TLB de dispositivo IOMMU (especificaci\u00f3n Intel VT-d o invalidaci\u00f3n ATS en especificaci\u00f3n PCIe r6.1) para que se env\u00ede un dispositivo de destino inexistente y un bucle mortal para reintentar esa solicitud despu\u00e9s de que se active una falla de ITE en el contexto de interrupci\u00f3n. Eso provocar\u00eda la siguiente advertencia continua de bloqueo duro y el sistema se bloquear\u00eda [ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down [ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present [ 4223.822591] Vigilancia NMI: Vigilancia detect\u00f3 BLOQUEO duro en la CPU 144 [ 4223.822622 ] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: cargado Contaminado: versi\u00f3n del kernel GS OE xxxx [ 4223.822623] Nombre del hardware: nombre del proveedor xxxx 666-106 , BIOS 01.01.02.03.01 15/05/2023 [ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490 [ 4223.822624] C\u00f3digo: 48 be 00 00 00 00 00 08 00 00 49 85 24 20 0f 95 c1 48 8b 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 \u0026lt;40\u0026gt; f6 c6 1 0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39 [ 4223.822624] RSP : 0018:ffffc4f074f0bbb8 EFLAGS: 00000093 [ 4223.822625] RAX: ffffc4f040059000 RBX: 00000000000000014 RCX: 0000000000000005 [ 4223.822625] : ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340 [ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 00000000000000000 [4223.822626] R10: 0000000000000010 R11 : 000000000000000018 R12: FFFF9F384005E200 [4223.822626] R13: 000000000000000004 R14: 00000000000000000046 0000) KNLGS: 000000000000000000 [4223.822627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [4223.822627] CR2: 00007ffe86515d80 CR3: 000002FD3000A001 CR4: 0000000000770EE0 [4223.8222627] DR0: 000000000000000000000000 00000000 DR6: 000000000000FFFE07F0 DR7: 000000000000000400 [4223.822628] PKRU: 555555554 [4223.822628] Lista de llamada: [4223.822628 ] qi_flush_dev_iotlb+0xb1/0xd0 [ 4223.822628] __dmar_remove_one_dev_info+0x224/0x250 [ 4223.822629] dmar_remove_one_dev_info+0x3e/0x50 [ 4223.822629] _device+0x1f/0x30 [ 4223.822629] iommu_release_device+0x33/0x60 [ 4223.822629] iommu_bus_notifier+0x7f/0x90 [ 4223.822630] blocking_notifier_call_chain +0x60/0x90 [ 4223.822630] dispositivo_del+0x2e5/0x420 [ 4223.822630] pci_remove_bus_device+0x70/0x110 [ 4223.822630] pciehp_unconfigure_device+0x7c/0x130 [ 4223.822631 ] pciehp_disable_slot+0x6b/0x100 [ 4223.822631] pciehp_handle_presence_or_link_change+0xd8/0x320 [ 4223.822631] pciehp_ist+0x176 /0x180 [4223.822631] ? irq_finalize_oneshot.part.50+0x110/0x110 [ 4223.822632] irq_thread_fn+0x19/0x50 [ 4223.822632] irq_thread+0x104/0x190 [ 4223.822632] ? irq_forced_thread_fn+0x90/0x90 [4223.822632]? irq_thread_check_affinity+0xe0/0xe0 [ 4223.822633] kthread+0x114/0x130 [ 4223.822633] ? __kthread_cancel_work+0x40/0x40 [ 4223.822633] ret_from_fork+0x1f/0x30 [ 4223.822633] P\u00e1nico del kernel - no se sincroniza: BLOQUEO duro [ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: cargado Contaminado: versi\u00f3n del kernel GS OE xxxx [ 4223.822634] Nombre del hardware: nombre del proveedor xxxx 666-106, BIOS 01.01.02.03.01 15/05/2023 [ 4223.822634] Seguimiento de llamadas: [ 4223.822634]  [ 4223.822635] dump_stack+0x6d/0x88 [ 42 23.822635] p\u00e1nico+0x101/ 0x2d0 [4223.822635]? ret_from_fork+0x11/0x30 [ 4223.822635] nmi_panic.cold.14+0xc/0xc [ 4223.822636] ---truncado---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.