{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26891","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.186Z","datePublished":"2024-04-17T10:27:44.061Z","dateUpdated":"2025-05-04T08:58:59.877Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:58:59.877Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Don't issue ATS Invalidation request when device is disconnected\n\nFor those endpoint devices connect to system via hotplug capable ports,\nusers could request a hot reset to the device by flapping device's link\nthrough setting the slot's link control register, as pciehp_ist() DLLSC\ninterrupt sequence response, pciehp will unload the device driver and\nthen power it off. thus cause an IOMMU device-TLB invalidation (Intel\nVT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence\ntarget device to be sent and deadly loop to retry that request after ITE\nfault triggered in interrupt context.\n\nThat would cause following continuous hard lockup warning and system hang\n\n[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down\n[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present\n[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144\n[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n         OE    kernel version xxxx\n[ 4223.822623] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490\n[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b\n 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 <40> f6 c6 1\n0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39\n[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093\n[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005\n[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340\n[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000\n[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200\n[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004\n[ 4223.822626] FS:  0000000000000000(0000) GS:ffffa237ae400000(0000)\nknlGS:0000000000000000\n[ 4223.822627] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0\n[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 4223.822628] PKRU: 55555554\n[ 4223.822628] Call Trace:\n[ 4223.822628]  qi_flush_dev_iotlb+0xb1/0xd0\n[ 4223.822628]  __dmar_remove_one_dev_info+0x224/0x250\n[ 4223.822629]  dmar_remove_one_dev_info+0x3e/0x50\n[ 4223.822629]  intel_iommu_release_device+0x1f/0x30\n[ 4223.822629]  iommu_release_device+0x33/0x60\n[ 4223.822629]  iommu_bus_notifier+0x7f/0x90\n[ 4223.822630]  blocking_notifier_call_chain+0x60/0x90\n[ 4223.822630]  device_del+0x2e5/0x420\n[ 4223.822630]  pci_remove_bus_device+0x70/0x110\n[ 4223.822630]  pciehp_unconfigure_device+0x7c/0x130\n[ 4223.822631]  pciehp_disable_slot+0x6b/0x100\n[ 4223.822631]  pciehp_handle_presence_or_link_change+0xd8/0x320\n[ 4223.822631]  pciehp_ist+0x176/0x180\n[ 4223.822631]  ? irq_finalize_oneshot.part.50+0x110/0x110\n[ 4223.822632]  irq_thread_fn+0x19/0x50\n[ 4223.822632]  irq_thread+0x104/0x190\n[ 4223.822632]  ? irq_forced_thread_fn+0x90/0x90\n[ 4223.822632]  ? irq_thread_check_affinity+0xe0/0xe0\n[ 4223.822633]  kthread+0x114/0x130\n[ 4223.822633]  ? __kthread_cancel_work+0x40/0x40\n[ 4223.822633]  ret_from_fork+0x1f/0x30\n[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP\n[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n         OE     kernel version xxxx\n[ 4223.822634] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822634] Call Trace:\n[ 4223.822634]  <NMI>\n[ 4223.822635]  dump_stack+0x6d/0x88\n[ 4223.822635]  panic+0x101/0x2d0\n[ 4223.822635]  ? ret_from_fork+0x11/0x30\n[ 4223.822635]  nmi_panic.cold.14+0xc/0xc\n[ 4223.822636]  watchdog_overflow_callback.cold.8+0x6d/0x81\n[ 4223.822636]  __perf_event_overflow+0x4f/0xf0\n[ 4223.822636]  handle_pmi_common\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iommu/intel/pasid.c"],"versions":[{"version":"6f7db75e1c469057fe7588ed959328ead771ccc7","lessThan":"f873b85ec762c5a6abe94a7ddb31df5d3ba07d85","status":"affected","versionType":"git"},{"version":"6f7db75e1c469057fe7588ed959328ead771ccc7","lessThan":"d70f1c85113cd8c2aa8373f491ca5d1b22ec0554","status":"affected","versionType":"git"},{"version":"6f7db75e1c469057fe7588ed959328ead771ccc7","lessThan":"34a7b30f56d30114bf4d436e4dc793afe326fbcf","status":"affected","versionType":"git"},{"version":"6f7db75e1c469057fe7588ed959328ead771ccc7","lessThan":"2b74b2a92e524d7c8dec8e02e95ecf18b667c062","status":"affected","versionType":"git"},{"version":"6f7db75e1c469057fe7588ed959328ead771ccc7","lessThan":"c04f2780919f20e2cc4846764221f5e802555868","status":"affected","versionType":"git"},{"version":"6f7db75e1c469057fe7588ed959328ead771ccc7","lessThan":"025bc6b41e020aeb1e71f84ae3ffce945026de05","status":"affected","versionType":"git"},{"version":"6f7db75e1c469057fe7588ed959328ead771ccc7","lessThan":"4fc82cd907ac075648789cc3a00877778aa1838b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iommu/intel/pasid.c"],"versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","status":"unaffected","versionType":"semver"},{"version":"5.10.214","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.153","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.83","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.23","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.11","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8.2","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.214"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.15.153"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.1.83"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.6.23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.7.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.8.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85"},{"url":"https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554"},{"url":"https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf"},{"url":"https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062"},{"url":"https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868"},{"url":"https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05"},{"url":"https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b"}],"title":"iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-17T17:41:17.252617Z","id":"CVE-2024-26891","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-17T17:47:46.218Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:21:05.551Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]}]}]},"dataVersion":"5.1"}