{
  "threat_severity" : "Moderate",
  "public_date" : "2024-04-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: iommufd: Fix protection fault in iommufd_test_syz_conv_iova",
    "id" : "2273461",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2273461"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\niommufd: Fix protection fault in iommufd_test_syz_conv_iova\nSyzkaller reported the following bug:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN\nKASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7]\nCall Trace:\nlock_acquire\nlock_acquire+0x1ce/0x4f0\ndown_read+0x93/0x4a0\niommufd_test_syz_conv_iova+0x56/0x1f0\niommufd_test_access_rw.isra.0+0x2ec/0x390\niommufd_test+0x1058/0x1e30\niommufd_fops_ioctl+0x381/0x510\nvfs_ioctl\n__do_sys_ioctl\n__se_sys_ioctl\n__x64_sys_ioctl+0x170/0x1e0\ndo_syscall_x64\ndo_syscall_64+0x71/0x140\nThis is because the new iommufd_access_change_ioas() sets access->ioas to\nNULL during its process, so the lock might be gone in a concurrent racing\ncontext.\nFix this by doing the same access->ioas sanity as iommufd_access_rw() and\niommufd_access_pin_pages() functions do.", "A protection fault vulnerability was found in the iommufd subsystem of the Linux kernel. This flaw could lead to unexpected behavior or system instability." ],
  "statement" : "Red Hat Enterprise Linux 6, 7 & 8 is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26785\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26785\nhttps://lore.kernel.org/linux-cve-announce/2024040459-CVE-2024-26785-857d@gregkh/T" ],
  "name" : "CVE-2024-26785",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}