{
  "threat_severity" : "Moderate",
  "public_date" : "2024-05-20T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: iommu/vt-d: Fix WARN_ON in iommu probe path",
    "id" : "2281927",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2281927"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\niommu/vt-d: Fix WARN_ON in iommu probe path\nCommit 1a75cc710b95 (\"iommu/vt-d: Use rbtree to track iommu probed\ndevices\") adds all devices probed by the iommu driver in a rbtree\nindexed by the source ID of each device. It assumes that each device\nhas a unique source ID. This assumption is incorrect and the VT-d\nspec doesn't state this requirement either.\nThe reason for using a rbtree to track devices is to look up the device\nwith PCI bus and devfunc in the paths of handling ATS invalidation time\nout error and the PRI I/O page faults. Both are PCI ATS feature related.\nOnly track the devices that have PCI ATS capabilities in the rbtree to\navoid unnecessary WARN_ON in the iommu probe path. Otherwise, on some\nplatforms below kernel splat will be displayed and the iommu probe results\nin failure.\nWARNING: CPU: 3 PID: 166 at drivers/iommu/intel/iommu.c:158 intel_iommu_probe_device+0x319/0xd90\nCall Trace:\n<TASK>\n? __warn+0x7e/0x180\n? intel_iommu_probe_device+0x319/0xd90\n? report_bug+0x1f8/0x200\n? handle_bug+0x3c/0x70\n? exc_invalid_op+0x18/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? intel_iommu_probe_device+0x319/0xd90\n? debug_mutex_init+0x37/0x50\n__iommu_probe_device+0xf2/0x4f0\niommu_probe_device+0x22/0x70\niommu_bus_notifier+0x1e/0x40\nnotifier_call_chain+0x46/0x150\nblocking_notifier_call_chain+0x42/0x60\nbus_notify+0x2f/0x50\ndevice_add+0x5ed/0x7e0\nplatform_device_add+0xf5/0x240\nmfd_add_devices+0x3f9/0x500\n? preempt_count_add+0x4c/0xa0\n? up_write+0xa2/0x1b0\n? __debugfs_create_file+0xe3/0x150\nintel_lpss_probe+0x49f/0x5b0\n? pci_conf1_write+0xa3/0xf0\nintel_lpss_pci_probe+0xcf/0x110 [intel_lpss_pci]\npci_device_probe+0x95/0x120\nreally_probe+0xd9/0x370\n? __pfx___driver_attach+0x10/0x10\n__driver_probe_device+0x73/0x150\ndriver_probe_device+0x19/0xa0\n__driver_attach+0xb6/0x180\n? __pfx___driver_attach+0x10/0x10\nbus_for_each_dev+0x77/0xd0\nbus_add_driver+0x114/0x210\ndriver_register+0x5b/0x110\n? __pfx_intel_lpss_pci_driver_init+0x10/0x10 [intel_lpss_pci]\ndo_one_initcall+0x57/0x2b0\n? kmalloc_trace+0x21e/0x280\n? do_init_module+0x1e/0x210\ndo_init_module+0x5f/0x210\nload_module+0x1d37/0x1fc0\n? init_module_from_file+0x86/0xd0\ninit_module_from_file+0x86/0xd0\nidempotent_init_module+0x17c/0x230\n__x64_sys_finit_module+0x56/0xb0\ndo_syscall_64+0x6e/0x140\nentry_SYSCALL_64_after_hwframe+0x71/0x79", "CVE-2024-35957 is a vulnerability in the Linux kernel's Intel Virtualization Technology for Directed I/O (VT-d) subsystem. The issue stems from an incorrect assumption that each device has a unique source ID, leading to potential conflicts and system warnings during the IOMMU probe process. This flaw has been addressed by modifying the tracking mechanism to include only devices with PCI Address Translation Services (ATS) capabilities, thereby preventing unnecessary warnings and ensuring system stability. Users are advised to update their Linux kernel to a version that includes this fix to maintain optimal system performance." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-35957\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35957\nhttps://lore.kernel.org/linux-cve-announce/2024052019-CVE-2024-35957-8c83@gregkh/T" ],
  "name" : "CVE-2024-35957",
  "csaw" : false
}