ghsa-vqv4-92gw-6c3g
Vulnerability from github
Published
2024-02-23 15:30
Modified
2024-04-30 21:30
Severity
7.8 (High) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu: Don't reserve 0-length IOVA region

When the bootloader/firmware doesn't setup the framebuffers, their address and size are 0 in "iommu-addresses" property. If IOVA region is reserved with 0 length, then it ends up corrupting the IOVA rbtree with an entry which has pfn_hi < pfn_lo. If we intend to use display driver in kernel without framebuffer then it's causing the display IOMMU mappings to fail as entire valid IOVA space is reserved when address and length are passed as 0. An ideal solution would be firmware removing the "iommu-addresses" property and corresponding "memory-region" if display is not present. But the kernel should be able to handle this by checking for size of IOVA region and skipping the IOVA reservation if size is 0. Also, add a warning if firmware is requesting 0-length IOVA region reservation.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-52455"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-23T15:15:08Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Don\u0027t reserve 0-length IOVA region\n\nWhen the bootloader/firmware doesn\u0027t setup the framebuffers, their\naddress and size are 0 in \"iommu-addresses\" property. If IOVA region is\nreserved with 0 length, then it ends up corrupting the IOVA rbtree with\nan entry which has pfn_hi \u003c pfn_lo.\nIf we intend to use display driver in kernel without framebuffer then\nit\u0027s causing the display IOMMU mappings to fail as entire valid IOVA\nspace is reserved when address and length are passed as 0.\nAn ideal solution would be firmware removing the \"iommu-addresses\"\nproperty and corresponding \"memory-region\" if display is not present.\nBut the kernel should be able to handle this by checking for size of\nIOVA region and skipping the IOVA reservation if size is 0. Also, add\na warning if firmware is requesting 0-length IOVA region reservation.",
  "id": "GHSA-vqv4-92gw-6c3g",
  "modified": "2024-04-30T21:30:31Z",
  "published": "2024-02-23T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52455"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5e23e283910c9f30248732ae0770bcb0c9438abf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/98b8a550da83cc392a14298c4b3eaaf0332ae6ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bb57f6705960bebeb832142ce9abf43220c3eab1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.