Executive Summary

Information
Name: CVE-2024-56669
Vendor: Cve
First vendor Publication: 2024-12-27
Last vendor Modification: 2025-02-11

Security-Database Scoring CVSS v3

Cvss vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score: 7.8
Base Score: 7.8
Environmental Score: 7.8
Impact SubScore: 5.9
Temporal Score: 7.8
Exploitability SubScore: 1.8

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Security-Database Scoring CVSS v2

Cvss vector:
Cvss Base Score: N/A
Cvss Impact Score: N/A
Cvss Exploit Score: N/A
Attack Range: N/A
Attack Complexity: N/A
Authentication: N/A

Detail

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Remove cache tags before disabling ATS

The current implementation removes cache tags after disabling ATS, leading to potential memory leaks and kernel crashes. Specifically, CACHE_TAG_DEVTLB type cache tags may still remain in the list even after the domain is freed, causing a use-after-free condition.

This issue really shows up when multiple VFs from different PFs are passed through to a single user-space process via vfio-pci. In such cases, the kernel may crash with kernel messages like:

BUG: kernel NULL pointer dereference, address: 0000000000000014
PGD 19036a067 P4D 1940a3067 PUD 136c9b067 PMD 0
Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 74 UID: 0 PID: 3183 Comm: testCli Not tainted 6.11.9 #2
RIP: 0010:cache_tag_flush_range+0x9b/0x250
Call Trace:

? __die+0x1f/0x60
? page_fault_oops+0x163/0x590
? exc_page_fault+0x72/0x190
? asm_exc_page_fault+0x22/0x30
? cache_tag_flush_range+0x9b/0x250
? cache_tag_flush_range+0x5d/0x250
intel_iommu_tlb_sync+0x29/0x40
intel_iommu_unmap_pages+0xfe/0x160
__iommu_unmap+0xd8/0x1a0
vfio_unmap_unpin+0x182/0x340 [vfio_iommu_type1]
vfio_remove_dma+0x2a/0xb0 [vfio_iommu_type1]
vfio_iommu_type1_ioctl+0xafa/0x18e0 [vfio_iommu_type1]

Move cache_tag_unassign_domain() before iommu_disable_pci_caps() to fix it.
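
A triage aid for the crash signature quoted above, added here as an example and not part of the CVE record or the kernel patch: it splits a kernel log into crash reports and flags those that fault in cache_tag_flush_range with the intel_iommu unmap callers as reliable frames. The function names (split_reports, classify, scan) and the dmesg-style timestamp format are assumptions of this example.

```python
import re

# Signature from the oops quoted above: faulting symbol plus its reliable callers.
FAULT_FUNC = "cache_tag_flush_range"
PATH_FUNCS = ("intel_iommu_tlb_sync", "intel_iommu_unmap_pages")
RIP = re.compile(r"RIP: [0-9a-f]{4}:(\w+)\+0x")
FRAME = re.compile(r"(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # assumes dmesg-style timestamps

def split_reports(log_text):
    """Group log lines into crash reports, each starting at a 'BUG:' line."""
    reports = []
    for raw in log_text.splitlines():
        line = STAMP.sub("", raw.strip())
        if line.startswith("BUG:"):
            reports.append([])
        if reports and line:
            reports[-1].append(line)
    return reports

def classify(report):
    """Extract the faulting symbol and reliable frames, then test the signature."""
    rip, frames, in_trace = None, [], False
    for line in report:
        m = RIP.search(line)
        if m and rip is None:
            rip = m.group(1)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (f := FRAME.match(line)) and not f.group(1):
            frames.append(f.group(2))  # frames marked '?' are unreliable, skipped
    hit = rip == FAULT_FUNC and all(fn in frames for fn in PATH_FUNCS)
    return {"rip": rip, "frames": frames, "match": hit}

def scan(log_text):
    return [classify(r) for r in split_reports(log_text)]

# Constructed sample: report 1 reuses lines of the trace above with invented
# timestamps; report 2 is an invented unrelated fault that must not match.
SAMPLE = """\
[  812.100001] BUG: kernel NULL pointer dereference, address: 0000000000000014
[  812.100002] RIP: 0010:cache_tag_flush_range+0x9b/0x250
[  812.100003] Call Trace:
[  812.100004]  ? cache_tag_flush_range+0x9b/0x250
[  812.100005]  intel_iommu_tlb_sync+0x29/0x40
[  812.100006]  intel_iommu_unmap_pages+0xfe/0x160
[  900.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  900.000002] RIP: 0010:example_driver_poll+0x10/0x80
"""
```

Run `scan()` over saved `dmesg` output from hosts that pass VFs through vfio-pci; a report with `match` set to true points at a kernel that still needs one of the fixes listed under Sources.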

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56669

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-476 NULL Pointer Dereference
33 % CWE-416 Use After Free
33 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

CPE : Common Platform Enumeration

Type         Description  Count
Application               8
Os                        3703

Sources (Detail)

https://git.kernel.org/stable/c/1f2557e08a617a4b5e92a48a1a9a6f86621def18
https://git.kernel.org/stable/c/9a0a72d3ed919ebe6491f527630998be053151d8

Alert History

Date Information
2025-07-15 02:41:15
  • Multiple Updates
2025-07-14 12:38:33
  • Multiple Updates
2025-06-26 02:38:30
  • Multiple Updates
2025-06-25 12:36:34
  • Multiple Updates
2025-06-24 02:43:08
  • Multiple Updates
2025-05-27 02:48:33
  • Multiple Updates
2025-03-29 03:44:27
  • Multiple Updates
2025-03-28 13:47:43
  • Multiple Updates
2025-03-28 03:22:16
  • Multiple Updates
2025-03-19 03:17:05
  • Multiple Updates
2025-03-18 03:30:04
  • Multiple Updates
2025-03-14 03:17:11
  • Multiple Updates
2025-03-06 14:13:44
  • Multiple Updates
2025-02-22 03:27:16
  • Multiple Updates
2025-02-11 21:20:53
  • Multiple Updates
2025-01-08 00:20:54
  • Multiple Updates
2025-01-07 03:08:09
  • Multiple Updates
2025-01-07 00:20:36
  • Multiple Updates
2025-01-06 21:20:45
  • Multiple Updates
2024-12-27 21:20:27
  • First insertion