Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-26847

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/04/2024
Last modified:
16/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> powerpc/rtas: use correct function name for resetting TCE tables<br /> <br /> The PAPR spec spells the function name as<br /> <br /> "ibm,reset-pe-dma-windows"<br /> <br /> but in practice firmware uses the singular form:<br /> <br /> "ibm,reset-pe-dma-window"<br /> <br /> in the device tree. Since we have the wrong spelling in the RTAS<br /> function table, reverse lookups (token -&gt; name) fail and warn:<br /> <br /> unexpected failed lookup for token 86<br /> WARNING: CPU: 1 PID: 545 at arch/powerpc/kernel/rtas.c:659 __do_enter_rtas_trace+0x2a4/0x2b4<br /> CPU: 1 PID: 545 Comm: systemd-udevd Not tainted 6.8.0-rc4 #30<br /> Hardware name: IBM,9105-22A POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NL1060_028) hv:phyp pSeries<br /> NIP [c0000000000417f0] __do_enter_rtas_trace+0x2a4/0x2b4<br /> LR [c0000000000417ec] __do_enter_rtas_trace+0x2a0/0x2b4<br /> Call Trace:<br /> __do_enter_rtas_trace+0x2a0/0x2b4 (unreliable)<br /> rtas_call+0x1f8/0x3e0<br /> enable_ddw.constprop.0+0x4d0/0xc84<br /> dma_iommu_dma_supported+0xe8/0x24c<br /> dma_set_mask+0x5c/0xd8<br /> mlx5_pci_init.constprop.0+0xf0/0x46c [mlx5_core]<br /> probe_one+0xfc/0x32c [mlx5_core]<br /> local_pci_probe+0x68/0x12c<br /> pci_call_probe+0x68/0x1ec<br /> pci_device_probe+0xbc/0x1a8<br /> really_probe+0x104/0x570<br /> __driver_probe_device+0xb8/0x224<br /> driver_probe_device+0x54/0x130<br /> __driver_attach+0x158/0x2b0<br /> bus_for_each_dev+0xa8/0x120<br /> driver_attach+0x34/0x48<br /> bus_add_driver+0x174/0x304<br /> driver_register+0x8c/0x1c4<br /> __pci_register_driver+0x68/0x7c<br /> mlx5_init+0xb8/0x118 [mlx5_core]<br /> do_one_initcall+0x60/0x388<br /> do_init_module+0x7c/0x2a4<br /> init_module_from_file+0xb4/0x108<br /> idempotent_init_module+0x184/0x34c<br /> sys_finit_module+0x90/0x114<br /> <br /> And oopses are possible when lockdep is enabled or the RTAS<br /> tracepoints are active, since those paths dereference the result of<br /> the lookup.<br /> <br /> Use the correct spelling to match firmware&amp;#39;s behavior, adjusting the<br /> related constants to match.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.10 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.10
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.3 (including) 6.6.21 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools