CVE-2024-40945 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

Link	Providers
https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998
https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e
https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f
https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8
https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6
https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e
https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e
https://lore.kernel.org/linux-cve-announce/2024071220-CVE-2024-40945-79e6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-40945
https://www.cve.org/CVERecord?id=CVE-2024-40945

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.10:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40945", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.588Z", "datePublished": "2024-07-12T12:25:19.164Z", "dateUpdated": "2025-05-04T09:18:31.905Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:18:31.905Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn't cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won't call iommu_sva_bind_device()\nat all."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/iommu.h"], "versions": [{"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "700f564758882db7c039dfba9443fe762561a3f8", "status": "affected", "versionType": "git"}, {"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "cf34f8f66982a36e5cba0d05781b21ec9606b91e", "status": "affected", "versionType": "git"}, {"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "2973b8e7d127754de9013177c41c0b5547406998", "status": "affected", "versionType": "git"}, {"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "6325eab6c108fed27f60ff51852e3eac0ba23f3f", "status": "affected", "versionType": "git"}, {"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6", "status": "affected", "versionType": "git"}, {"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "61a96da9649a6b6a1a5d5bde9374b045fdb5c12e", "status": "affected", "versionType": "git"}, {"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "89e8a2366e3bce584b6c01549d5019c5cda1205e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/iommu.h"], "versions": [{"version": "5.2", "status": "affected"}, {"version": "0", "lessThan": "5.2", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.129", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.2", "versionEndExcluding": "5.4.279"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.2", "versionEndExcluding": "5.10.221"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.2", "versionEndExcluding": "5.15.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.2", "versionEndExcluding": "6.1.129"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.2", "versionEndExcluding": "6.6.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.2", "versionEndExcluding": "6.9.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.2", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"}, {"url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"}, {"url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"}, {"url": "https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f"}, {"url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"}, {"url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"}, {"url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"}], "title": "iommu: Return right value in iommu_sva_bind_device()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.881Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40945", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:14.417698Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:25.334Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-40945 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-07-12T12:17:45.588Z (string)

datePublished : 2024-07-12T12:25:19.164Z (string)

dateUpdated : 2025-05-04T09:18:31.905Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T09:18:31.905Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA. In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will return an error, and the device drivers won't call iommu_sva_bind_device() at all. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : include/linux/iommu.h (string)

]

versions : [ »

0 : { »

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 700f564758882db7c039dfba9443fe762561a3f8 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : cf34f8f66982a36e5cba0d05781b21ec9606b91e (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 2973b8e7d127754de9013177c41c0b5547406998 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 6325eab6c108fed27f60ff51852e3eac0ba23f3f (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6 (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 61a96da9649a6b6a1a5d5bde9374b045fdb5c12e (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 89e8a2366e3bce584b6c01549d5019c5cda1205e (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : include/linux/iommu.h (string)

]

versions : [ »

0 : { »

version : 5.2 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 5.2 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 5.4.279 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 5.10.221 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 5.15.162 (string)

lessThanOrEqual : 5.15.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 6.1.129 (string)

lessThanOrEqual : 6.1.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 6.6.35 (string)

lessThanOrEqual : 6.6.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 6.9.6 (string)

lessThanOrEqual : 6.9.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 6.10 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.2 (string)

versionEndExcluding : 5.4.279 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.2 (string)

versionEndExcluding : 5.10.221 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.2 (string)

versionEndExcluding : 5.15.162 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.2 (string)

versionEndExcluding : 6.1.129 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.2 (string)

versionEndExcluding : 6.6.35 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.2 (string)

versionEndExcluding : 6.9.6 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.2 (string)

versionEndExcluding : 6.10 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e (string)

}

2 : { »

url : https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f (string)

}

4 : { »

url : https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e (string)

}

6 : { »

url : https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e (string)

}

]

title : iommu: Return right value in iommu_sva_bind_device() (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T04:39:55.881Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-40945 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T17:04:14.417698Z (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T17:34:25.334Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.881Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40945", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:14.417698Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.538Z"}}], "cna": {"title": "iommu: Return right value in iommu_sva_bind_device()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "700f564758882db7c039dfba9443fe762561a3f8", "versionType": "git"}, {"status": "affected", "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "cf34f8f66982a36e5cba0d05781b21ec9606b91e", "versionType": "git"}, {"status": "affected", "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "2973b8e7d127754de9013177c41c0b5547406998", "versionType": "git"}, {"status": "affected", "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "6325eab6c108fed27f60ff51852e3eac0ba23f3f", "versionType": "git"}, {"status": "affected", "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6", "versionType": "git"}, {"status": "affected", "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "61a96da9649a6b6a1a5d5bde9374b045fdb5c12e", "versionType": "git"}, {"status": "affected", "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984", "lessThan": "89e8a2366e3bce584b6c01549d5019c5cda1205e", "versionType": "git"}], "programFiles": ["include/linux/iommu.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.2"}, {"status": "unaffected", "version": "0", "lessThan": "5.2", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.279", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.221", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.129", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["include/linux/iommu.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"}, {"url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"}, {"url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"}, {"url": "https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f"}, {"url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"}, {"url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"}, {"url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn't cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won't call iommu_sva_bind_device()\nat all."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-21T13:45:06.636Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40945", "state": "PUBLISHED", "dateUpdated": "2025-02-21T13:45:06.636Z", "dateReserved": "2024-07-12T12:17:45.588Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:19.164Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T04:39:55.881Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-40945 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T17:04:14.417698Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T12:42:22.538Z (string)

}

]

cna : { »

title : iommu: Return right value in iommu_sva_bind_device() (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 700f564758882db7c039dfba9443fe762561a3f8 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : cf34f8f66982a36e5cba0d05781b21ec9606b91e (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 2973b8e7d127754de9013177c41c0b5547406998 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 6325eab6c108fed27f60ff51852e3eac0ba23f3f (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6 (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 61a96da9649a6b6a1a5d5bde9374b045fdb5c12e (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : 26b25a2b98e45aeb40eedcedc586ad5034cbd984 (string)

lessThan : 89e8a2366e3bce584b6c01549d5019c5cda1205e (string)

versionType : git (string)

}

]

programFiles : [ »

0 : include/linux/iommu.h (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 5.2 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 5.2 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 5.4.279 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

3 : { »

status : unaffected (string)

version : 5.10.221 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

4 : { »

status : unaffected (string)

version : 5.15.162 (string)

versionType : semver (string)

lessThanOrEqual : 5.15.* (string)

}

5 : { »

status : unaffected (string)

version : 6.1.129 (string)

versionType : semver (string)

lessThanOrEqual : 6.1.* (string)

}

6 : { »

status : unaffected (string)

version : 6.6.35 (string)

versionType : semver (string)

lessThanOrEqual : 6.6.* (string)

}

7 : { »

status : unaffected (string)

version : 6.9.6 (string)

versionType : semver (string)

lessThanOrEqual : 6.9.* (string)

}

8 : { »

status : unaffected (string)

version : 6.10 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : include/linux/iommu.h (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e (string)

}

2 : { »

url : https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f (string)

}

4 : { »

url : https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e (string)

}

6 : { »

url : https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e (string)

}

]

x_generator : { »

engine : bippy-5f407fcff5a0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA. In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will return an error, and the device drivers won't call iommu_sva_bind_device() at all. (string)

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-02-21T13:45:06.636Z (string)

}

cveMetadata : { »

cveId : CVE-2024-40945 (string)

state : PUBLISHED (string)

dateUpdated : 2025-02-21T13:45:06.636Z (string)

dateReserved : 2024-07-12T12:17:45.588Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-07-12T12:25:19.164Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A16AF13-82B4-4031-88E2-F3A1AE0863D5", "versionEndExcluding": "5.4.279", "versionStartIncluding": "5.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0", "versionEndExcluding": "5.10.221", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC897C60-C0EC-4C8F-AD1A-CD0916F408C4", "versionEndExcluding": "6.6.35", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn't cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won't call iommu_sva_bind_device()\nat all."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu: Devuelve el valor correcto en iommu_sva_bind_device() iommu_sva_bind_device() deber\u00eda devolver un identificador de enlace sva o un valor ERR_PTR en casos de error. Los controladores existentes (idxd y uacce) solo verifican el valor de retorno con IS_ERR(). Esto podr\u00eda provocar un problema de desreferencia del puntero NULL del kernel si la funci\u00f3n devuelve NULL en lugar de un puntero de error. En realidad, esto no causa ning\u00fan problema porque iommu_sva_bind_device() solo devuelve NULL cuando el kernel no est\u00e1 configurado con CONFIG_IOMMU_SVA. En este caso, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) devolver\u00e1 un error y los controladores del dispositivo no llamar\u00e1n a iommu_sva_bind_device() en absoluto."}], "id": "CVE-2024-40945", "lastModified": "2025-02-21T14:15:34.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:16.853", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5A16AF13-82B4-4031-88E2-F3A1AE0863D5 (string)

versionEndExcluding : 5.4.279 (string)

versionStartIncluding : 5.2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 659E1520-6345-41AF-B893-A7C0647585A0 (string)

versionEndExcluding : 5.10.221 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 10A39ACC-3005-40E8-875C-98A372D1FFD5 (string)

versionEndExcluding : 5.15.162 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BC897C60-C0EC-4C8F-AD1A-CD0916F408C4 (string)

versionEndExcluding : 6.6.35 (string)

versionStartIncluding : 5.16 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975 (string)

versionEndExcluding : 6.9.6 (string)

versionStartIncluding : 6.7 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 2EBB4392-5FA6-4DA9-9772-8F9C750109FA (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 331C2F14-12C7-45D5-893D-8C52EE38EA10 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA. In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will return an error, and the device drivers won't call iommu_sva_bind_device() at all. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iommu: Devuelve el valor correcto en iommu_sva_bind_device() iommu_sva_bind_device() debería devolver un identificador de enlace sva o un valor ERR_PTR en casos de error. Los controladores existentes (idxd y uacce) solo verifican el valor de retorno con IS_ERR(). Esto podría provocar un problema de desreferencia del puntero NULL del kernel si la función devuelve NULL en lugar de un puntero de error. En realidad, esto no causa ningún problema porque iommu_sva_bind_device() solo devuelve NULL cuando el kernel no está configurado con CONFIG_IOMMU_SVA. En este caso, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) devolverá un error y los controladores del dispositivo no llamarán a iommu_sva_bind_device() en absoluto. (string)

}

]

id : CVE-2024-40945 (string)

lastModified : 2025-02-21T14:15:34.213 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-07-12T13:15:16.853 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6 (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-476 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: iommu: Return right value in iommu_sva_bind_device()", "id": "2297529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297529"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-393", "details": ["In the Linux kernel, the following vulnerability has been resolved:\niommu: Return right value in iommu_sva_bind_device()\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\nIn reality, this doesn't cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won't call iommu_sva_bind_device()\nat all."], "name": "CVE-2024-40945", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40945\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40945\nhttps://lore.kernel.org/linux-cve-announce/2024071220-CVE-2024-40945-79e6@gregkh/T"], "threat_severity": "Low"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2024:9315 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-503.11.1.el9_5 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2024-11-12T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2024:9315 (string)

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-503.11.1.el9_5 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2024-11-12T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: iommu: Return right value in iommu_sva_bind_device() (string)

id : 2297529 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2297529 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 4.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (string)

status : verified (string)

}

cwe : CWE-393 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA. In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will return an error, and the device drivers won't call iommu_sva_bind_device() at all. (string)

]

name : CVE-2024-40945 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Fix deferred (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Fix deferred (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Fix deferred (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-07-12T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-40945 https://nvd.nist.gov/vuln/detail/CVE-2024-40945 https://lore.kernel.org/linux-cve-announce/2024071220-CVE-2024-40945-79e6@gregkh/T (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object