DEBIAN-CVE-2024-26786

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2024-26786

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-26786.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-26786

Upstream

CVE-2024-26786

Published

2024-04-04T09:15:08Z

Modified

2025-09-19T06:20:33Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix ioptaccesslistid overwrite bug Syzkaller reported the following WARNON: WARNING: CPU: 1 PID: 4738 at drivers/iommu/iommufd/iopagetable.c:1360 Call Trace: iommufdaccesschangeioas+0x2fe/0x4e0 iommufdaccessdestroyobject+0x50/0xb0 iommufdobjectremove+0x2a3/0x490 iommufdobjectdestroyuser iommufdaccessdestroy+0x71/0xb0 iommufdteststaccessrelease+0x89/0xd0 _fput+0x272/0xb50 _fputsync+0x4b/0x60 _dosysclose _sesysclose _x64sysclose+0x8b/0x110 dosyscallx64 The mismatch between the access pointer in the list and the passed-in pointer is resulting from an overwrite of access->ioptaccesslistid, in ioptaddaccess(). Called from iommufdaccesschangeioas() when xaalloc() succeeds but ioptcalculateiovaalignment() fails. Add a newid in ioptaddaccess() and only update ioptaccesslist_id when returning successfully.

References

https://security-tracker.debian.org/tracker/CVE-2024-26786

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.7.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.7.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}