VDB

CISA-2024-56568

CISA-2024-56568 PUBLISHED CVSS 4.7 MEDIUM

Reported by Linux · Published December 27, 2024

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. [will: Add comment]

Risk Scores

CVSS 3.1
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
LinuxLinux021bb8420d44cf56102d44fca9af628625e75482, 021bb8420d44cf56102d44fca9af628625e75482, 021bb8420d44cf56102d44fca9af628625e75482
LinuxLinux4.9, 0, 5.10.231
linuxlinux_kernel4.9, 4.9, 4.9
LinuxLinux021bb8420d44cf56102d44fca9af628625e75482, *, 021bb8420d44cf56102d44fca9af628625e75482

Timeline

  • Dec 27, 2024 CVE Published
  • Nov 3, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›