In the Linux kernel, the following vulnerability has been resolved:
vfio/fsl-mc: Block calling interrupt handler without trigger
The eventfdctx trigger pointer of the vfiofslmcirq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself is guaranteed that trigger is always valid between requestirq() and freeirq(), but the loopback testing mechanisms to invoke the handler function need to test the trigger. The triggering and setting ioctl paths both make use of igate and are therefore mutually exclusive.
The vfio-fsl-mc driver does not make use of irqfds, nor does it support any sort of masking operations, therefore unlike vfio-pci and vfio-platform, the flow can remain essentially unchanged.
[ { "deprecated": false, "target": { "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7447d911af699a15f8d050dfcb7c680a86f87012", "digest": { "threshold": 0.9, "line_hashes": [ "292719659737770963695798859517083237551", "236052329429905549904291148986693924731", "178307508535138396560490587861965029287", "264855527756039002926556632088386274098", "7883016490714376725720101711630391623", "199109283903993208031543013359866004789", "180539553818976673609149580015344216000", "175071837559075921290164700036233888723" ] }, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2024-26814-03407e0a" }, { "deprecated": false, "target": { "function": "vfio_fsl_mc_set_irq_trigger", "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ee0bd4ad780dfbb60355b99f25063357ab488267", "digest": { "function_hash": "65354648809769463462438616954024641580", "length": 1130.0 }, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2024-26814-05a540f2" }, { "deprecated": false, "target": { "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@250219c6a556f8c69c5910fca05a59037e24147d", "digest": { "threshold": 0.9, "line_hashes": [ "236776039894454090224579605541846288843", "236052329429905549904291148986693924731", "178307508535138396560490587861965029287", "264855527756039002926556632088386274098", "7883016490714376725720101711630391623", "199109283903993208031543013359866004789", "180539553818976673609149580015344216000", "175071837559075921290164700036233888723" ] }, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2024-26814-0f5a7d9f" }, { "deprecated": false, "target": { "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a563fc18583ca4f42e2fdd0c70c7c618288e7ede", "digest": { "threshold": 0.9, "line_hashes": [ "236776039894454090224579605541846288843", "236052329429905549904291148986693924731", "178307508535138396560490587861965029287", "264855527756039002926556632088386274098", "7883016490714376725720101711630391623", "199109283903993208031543013359866004789", "180539553818976673609149580015344216000", "175071837559075921290164700036233888723" ] }, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2024-26814-13ca5041" }, { "deprecated": false, "target": { "function": "vfio_fsl_mc_set_irq_trigger", "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@250219c6a556f8c69c5910fca05a59037e24147d", "digest": { "function_hash": "145510053750843209751620514020982494841", "length": 1141.0 }, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2024-26814-3e05b1a6" }, { "deprecated": false, "target": { "function": "vfio_fsl_mc_set_irq_trigger", "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@083e750c9f5f4c3bf61161330fb84d7c8e8bb417", "digest": { "function_hash": "65354648809769463462438616954024641580", "length": 1130.0 }, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2024-26814-48c00f20" }, { "deprecated": false, "target": { "function": "vfio_fsl_mc_set_irq_trigger", "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6ec0d88166dac43f29e96801c0927d514f17add9", "digest": { "function_hash": "65354648809769463462438616954024641580", "length": 1130.0 }, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2024-26814-52294544" }, { "deprecated": false, "target": { "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@de87511fb0404d23b6da5f4660383b6ed095e28d", "digest": { "threshold": 0.9, "line_hashes": [ "292719659737770963695798859517083237551", "236052329429905549904291148986693924731", "178307508535138396560490587861965029287", "264855527756039002926556632088386274098", "7883016490714376725720101711630391623", "199109283903993208031543013359866004789", "180539553818976673609149580015344216000", "175071837559075921290164700036233888723" ] }, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2024-26814-73ea77da" }, { "deprecated": false, "target": { "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ee0bd4ad780dfbb60355b99f25063357ab488267", "digest": { "threshold": 0.9, "line_hashes": [ "292719659737770963695798859517083237551", "236052329429905549904291148986693924731", "178307508535138396560490587861965029287", "264855527756039002926556632088386274098", "7883016490714376725720101711630391623", "199109283903993208031543013359866004789", "180539553818976673609149580015344216000", "175071837559075921290164700036233888723" ] }, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2024-26814-74587aff" }, { "deprecated": false, "target": { "function": "vfio_fsl_mc_set_irq_trigger", "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7447d911af699a15f8d050dfcb7c680a86f87012", "digest": { "function_hash": "65354648809769463462438616954024641580", "length": 1130.0 }, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2024-26814-8d2e81dd" }, { "deprecated": false, "target": { "function": "vfio_fsl_mc_set_irq_trigger", "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@de87511fb0404d23b6da5f4660383b6ed095e28d", "digest": { "function_hash": "65354648809769463462438616954024641580", "length": 1130.0 }, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2024-26814-987ae443" }, { "deprecated": false, "target": { "function": "vfio_fsl_mc_set_irq_trigger", "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a563fc18583ca4f42e2fdd0c70c7c618288e7ede", "digest": { "function_hash": "223040840452715932533363362883668914991", "length": 1114.0 }, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2024-26814-cdef5f53" }, { "deprecated": false, "target": { "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@083e750c9f5f4c3bf61161330fb84d7c8e8bb417", "digest": { "threshold": 0.9, "line_hashes": [ "292719659737770963695798859517083237551", "236052329429905549904291148986693924731", "178307508535138396560490587861965029287", "264855527756039002926556632088386274098", "7883016490714376725720101711630391623", "199109283903993208031543013359866004789", "180539553818976673609149580015344216000", "175071837559075921290164700036233888723" ] }, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2024-26814-e96a39b7" }, { "deprecated": false, "target": { "file": "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6ec0d88166dac43f29e96801c0927d514f17add9", "digest": { "threshold": 0.9, "line_hashes": [ "292719659737770963695798859517083237551", "236052329429905549904291148986693924731", "178307508535138396560490587861965029287", "264855527756039002926556632088386274098", "7883016490714376725720101711630391623", "199109283903993208031543013359866004789", "180539553818976673609149580015344216000", "175071837559075921290164700036233888723" ] }, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2024-26814-f5cafb60" } ]