CVE-2024-56568
- Source
- https://cve.org/CVERecord?id=CVE-2024-56568
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56568.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-56568
- Downstream
- Related
- Published
- 2024-12-27T14:23:11.733Z
- Modified
- 2026-05-28T03:55:37.972407198Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- iommu/arm-smmu: Defer probe of clients after smmu device bound
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu: Defer probe of clients after smmu device bound
Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when ofdmaconfigure() for client is called after the iommudeviceregister() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called.
Following is how the race occurs:
T1:Smmu device probe T2: Client device probe
reallyprobe() armsmmudeviceprobe() iommudeviceregister() reallyprobe() platformdmaconfigure() ofdmaconfigure() ofdmaconfigureid() ofiommuconfigure() iommuprobedevice() iommuinitdevice() armsmmuprobedevice() armsmmugetbyfwnode() driverfinddevicebyfwnode() driverfinddevice() nextdevice() klistnext() /* null ptr assigned to smmu / / null ptr dereference while smmu->streamidmask */ driverbound() klistadd_tail()
When this null smmu pointer is dereferenced later in armsmmuprobe_device, the device crashes.
Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver.
[will: Add comment]
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56568.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/229e6ee43d2a160a1592b83aad620d6027084aad
- https://git.kernel.org/stable/c/4a9485918a042e3114890dfbe19839a1897f8b2c
- https://git.kernel.org/stable/c/5018696b19bc6c021e934a8a59f4b1dd8c0ac9f8
- https://git.kernel.org/stable/c/c2527d07c7e9cda2c6165d5edccf74752baac1b0
- https://git.kernel.org/stable/c/dc02407ea952e20c544a078a6be2e6f008327973
- https://git.kernel.org/stable/c/f8f794f387ad21c4696e5cd0626cb6f8a5f6aea5
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56568.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-56568
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced021bb8420d44cf56102d44fca9af628625e75482Fixedc2527d07c7e9cda2c6165d5edccf74752baac1b0Fixeddc02407ea952e20c544a078a6be2e6f008327973Fixedf8f794f387ad21c4696e5cd0626cb6f8a5f6aea5Fixed4a9485918a042e3114890dfbe19839a1897f8b2cFixed5018696b19bc6c021e934a8a59f4b1dd8c0ac9f8Fixed229e6ee43d2a160a1592b83aad620d6027084aad