CVE-2024-36925

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36925
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36925.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-36925
Published
2024-05-30T15:29:19Z
Modified
2025-10-14T16:52:55.063787Z
Summary
swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y
Details

In the Linux kernel, the following vulnerability has been resolved:

swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y

Using restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunction with dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the following crash when initialising the restricted pools at boot-time:

  | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
  | Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
  | pc : rmem_swiotlb_device_init+0xfc/0x1ec
  | lr : rmem_swiotlb_device_init+0xf0/0x1ec
  | Call trace:
  |  rmem_swiotlb_device_init+0xfc/0x1ec
  |  of_reserved_mem_device_init_by_idx+0x18c/0x238
  |  of_dma_configure_id+0x31c/0x33c
  |  platform_dma_configure+0x34/0x80

faddr2line reveals that the crash is in the list validation code:

  include/linux/list.h:83
  include/linux/rculist.h:79
  include/linux/rculist.h:106
  kernel/dma/swiotlb.c:306
  kernel/dma/swiotlb.c:1695

because add_mem_pool() is trying to list_add_rcu() to a NULL 'mem->pools'.

Fix the crash by initialising the 'mem->pools' list_head in rmem_swiotlb_device_init() before calling add_mem_pool().

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1aaa736815eb04f4dae3f0b3e977b2a0677a4cfb
Fixed
f2a6b3ed20f2dea4cb645abc6a73c4595662adca
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1aaa736815eb04f4dae3f0b3e977b2a0677a4cfb
Fixed
f62e0fefcdfe2c05ccb1aa80521a69524eea9c84
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1aaa736815eb04f4dae3f0b3e977b2a0677a4cfb
Fixed
75961ffb5cb3e5196f19cae7683f35cc88b50800

Affected versions

v6.*

v6.5
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f2a6b3ed20f2dea4cb645abc6a73c4595662adca",
            "deprecated": false,
            "id": "CVE-2024-36925-22936fc4",
            "signature_type": "Function",
            "digest": {
                "length": 1176.0,
                "function_hash": "326587672131410602926291188670202135476"
            },
            "target": {
                "file": "kernel/dma/swiotlb.c",
                "function": "rmem_swiotlb_device_init"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f62e0fefcdfe2c05ccb1aa80521a69524eea9c84",
            "deprecated": false,
            "id": "CVE-2024-36925-42341a77",
            "signature_type": "Function",
            "digest": {
                "length": 1176.0,
                "function_hash": "326587672131410602926291188670202135476"
            },
            "target": {
                "file": "kernel/dma/swiotlb.c",
                "function": "rmem_swiotlb_device_init"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f2a6b3ed20f2dea4cb645abc6a73c4595662adca",
            "deprecated": false,
            "id": "CVE-2024-36925-79eeae66",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18516581189259851170037252143704269835",
                    "206646336962070519462943934019771268725",
                    "62136704475791303120973347206462261641",
                    "261632450790260421649179755666674855368"
                ]
            },
            "target": {
                "file": "kernel/dma/swiotlb.c"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@75961ffb5cb3e5196f19cae7683f35cc88b50800",
            "deprecated": false,
            "id": "CVE-2024-36925-9d5ac454",
            "signature_type": "Function",
            "digest": {
                "length": 1176.0,
                "function_hash": "326587672131410602926291188670202135476"
            },
            "target": {
                "file": "kernel/dma/swiotlb.c",
                "function": "rmem_swiotlb_device_init"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@75961ffb5cb3e5196f19cae7683f35cc88b50800",
            "deprecated": false,
            "id": "CVE-2024-36925-9fe49714",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18516581189259851170037252143704269835",
                    "206646336962070519462943934019771268725",
                    "62136704475791303120973347206462261641",
                    "261632450790260421649179755666674855368"
                ]
            },
            "target": {
                "file": "kernel/dma/swiotlb.c"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f62e0fefcdfe2c05ccb1aa80521a69524eea9c84",
            "deprecated": false,
            "id": "CVE-2024-36925-dba4d026",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18516581189259851170037252143704269835",
                    "206646336962070519462943934019771268725",
                    "62136704475791303120973347206462261641",
                    "261632450790260421649179755666674855368"
                ]
            },
            "target": {
                "file": "kernel/dma/swiotlb.c"
            }
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.31
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.10