CVE-2024-40945
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-40945
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40945.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-40945
- Downstream
- Related
- Published
- 2024-07-12T12:25:19.164Z
- Modified
- 2025-11-28T02:34:34.728217Z
- Summary
- iommu: Return right value in iommu_sva_bind_device()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iommu: Return right value in iommusvabind_device()
iommusvabinddevice() should return either a sva bond handle or an ERRPTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer.
In reality, this doesn't cause any problems because iommusvabinddevice() only returns NULL when the kernel is not configured with CONFIGIOMMUSVA. In this case, iommudevenablefeature(dev, IOMMUDEVFEATSVA) will return an error, and the device drivers won't call iommusvabinddevice() at all.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40945.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998
- https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e
- https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f
- https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8
- https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6
- https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e
- https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40945.json
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-40945
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced26b25a2b98e45aeb40eedcedc586ad5034cbd984Fixed700f564758882db7c039dfba9443fe762561a3f8Fixedcf34f8f66982a36e5cba0d05781b21ec9606b91eFixed2973b8e7d127754de9013177c41c0b5547406998Fixed6325eab6c108fed27f60ff51852e3eac0ba23f3fFixed7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6Fixed61a96da9649a6b6a1a5d5bde9374b045fdb5c12eFixed89e8a2366e3bce584b6c01549d5019c5cda1205e
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced5.2.0Fixed5.4.279
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.221
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.162
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.129
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.35
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.9.6