
CVE-2024-26738: Vulnerability in Linux Linux

High
Published: Wed Apr 03 2024 (04/03/2024, 17:00:24 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller

When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference:

  BUG: Kernel NULL pointer dereference on read at 0x00000030
  Faulting instruction address: 0xc0000000006bbe5c
  Oops: Kernel access of bad area, sig: 11 [#1]
  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse
  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66
  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries
  NIP: c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8
  REGS: c00000009924f240 TRAP: 0300 Not tainted (6.7.0-203405+)
  MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 24002220 XER: 20040006
  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0
  ...
  NIP sysfs_add_link_to_group+0x34/0x94
  LR iommu_device_link+0x5c/0x118
  Call Trace:
   iommu_init_device+0x26c/0x318 (unreliable)
   iommu_device_link+0x5c/0x118
   iommu_init_device+0xa8/0x318
   iommu_probe_device+0xc0/0x134
   iommu_bus_notifier+0x44/0x104
   notifier_call_chain+0xb8/0x19c
   blocking_notifier_call_chain+0x64/0x98
   bus_notify+0x50/0x7c
   device_add+0x640/0x918
   pci_device_add+0x23c/0x298
   of_create_pci_dev+0x400/0x884
   of_scan_pci_dev+0x124/0x1b0
   __of_scan_bus+0x78/0x18c
   pcibios_scan_phb+0x2a4/0x3b0
   init_phb_dynamic+0xb8/0x110
   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]
   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]
   kobj_attr_store+0x2c/0x48
   sysfs_kf_write+0x64/0x78
   kernfs_fop_write_iter+0x1b0/0x290
   vfs_write+0x350/0x4a0
   ksys_write+0x84/0x140
   system_call_exception+0x124/0x330
   system_call_vectored_common+0x15c/0x2ec

Commit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities and allow blocking domains") broke DLPAR add of PCI devices.

The above added iommu_device structure to pci_controller. During system boot, PCI devices are discovered and this newly added iommu_device structure is initialized by a call to iommu_device_register().

During DLPAR add of a PCI device, a new pci_controller structure is allocated but there are no calls made to iommu_device_register() interface.

Fix is to register the iommu device during DLPAR add as well.

AI-Powered Analysis

Last updated: 06/29/2025, 17:57:26 UTC

Technical Analysis

CVE-2024-26738 is a vulnerability in the Linux kernel specifically affecting the powerpc/pseries architecture's IOMMU (Input-Output Memory Management Unit) handling during Dynamic Logical Partitioning (DLPAR) add operations for PCI devices. The issue arises because when a PCI device is dynamically added to the system via DLPAR, the kernel fails to fully initialize the pci_controller structure, particularly neglecting to register the iommu_device. This omission leads to a NULL pointer dereference in the kernel, causing a kernel oops (crash) with a fault at a specific memory address.

The root cause is traced to a commit (a940904443e4) that introduced iommu_device registration during system boot PCI device discovery but did not extend this registration to DLPAR add operations. During normal boot, iommu_device_register() is called to initialize the iommu_device structure, but during DLPAR add, this call is missing, resulting in an uninitialized pointer. The kernel oops manifests as a NULL pointer dereference when the kernel attempts to access the uninitialized iommu_device pointer in pci_controller.

This vulnerability affects Linux kernel versions including and after the commit a940904443e4 and is specific to IBM pSeries POWER10 hardware running the affected kernel versions. The vulnerability does not appear to have known exploits in the wild yet. The fix involves ensuring that iommu_device_register() is called during DLPAR add operations to properly initialize the pci_controller's iommu_device structure, preventing the NULL pointer dereference and kernel crash. This vulnerability is critical for environments using dynamic PCI device addition on POWER architecture servers running Linux kernels with the affected commit.

Potential Impact

For European organizations utilizing IBM pSeries POWER10 servers running affected Linux kernel versions, this vulnerability can cause system instability and denial of service due to kernel crashes triggered by dynamic PCI device additions via DLPAR. This is particularly impactful in virtualized or cloud environments where dynamic resource allocation is common. The kernel oops can disrupt critical workloads, leading to downtime and potential data loss if systems are not properly isolated or if failover mechanisms are inadequate. Since the vulnerability causes a NULL pointer dereference in kernel space, it affects system availability directly. Confidentiality and integrity impacts are less direct but could arise if attackers leverage the crash to induce system reboots or trigger race conditions in multi-tenant environments. The lack of known exploits reduces immediate risk, but the ease of triggering the crash via DLPAR add operations means that malicious insiders or attackers with administrative privileges could exploit this to cause denial of service. European organizations in sectors such as finance, telecommunications, and government that rely on POWER architecture servers for high-availability workloads are at higher risk of operational disruption.

Mitigation Recommendations

1. Apply the patch or upgrade to a Linux kernel version that includes the fix for CVE-2024-26738, ensuring that iommu_device_register() is called during DLPAR add operations.
2. Until patched, restrict or disable dynamic PCI device addition via DLPAR on affected POWER10 systems to prevent triggering the kernel oops.
3. Implement robust monitoring of kernel logs and system stability to detect early signs of kernel crashes related to PCI device management.
4. Use virtualization and partitioning best practices to isolate workloads and minimize impact of potential crashes.
5. Coordinate with IBM and Linux distribution vendors for timely updates and guidance specific to POWER architecture.
6. Conduct thorough testing of kernel upgrades in staging environments before deployment to production to avoid regressions.
7. Limit administrative access to systems capable of performing DLPAR operations to trusted personnel only, reducing risk of intentional exploitation.
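For the kernel-log monitoring recommended above, the following added example (not part of the original page or of any vendor tooling) matches an oops against the fault site and call path shown in the CVE description. The function names, the dmesg-style timestamps and the second, unrelated oops in the sample are assumptions constructed for illustration.

```python
import re

# Symbols taken from the oops in the CVE description on this page.
FAULT_SITE = "sysfs_add_link_to_group"
IOMMU_FRAMES = {"iommu_device_link", "iommu_init_device"}
DLPAR_FRAMES = {"init_phb_dynamic", "dlpar_add_slot"}
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg-style "[  412.101] " stamp
FRAME = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
NIP = re.compile(r"^NIP (?:\[[0-9a-f]+\] )?([A-Za-z_][\w.]*)\+0x", re.M)
TASK = re.compile(r"PID: (\d+) Comm: (\S+) .*?(\d+\.\d+\.\d+\S*) #\d+")

def split_oopses(log_text):
    """Group log lines into one record per oops, starting at each 'BUG:' line."""
    records = []
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if line.startswith("BUG: "):
            records.append([line])
        elif records and line:
            records[-1].append(line)
    return records

def match_record(record):
    """Return task details if the record shows this CVE's fault site and call path."""
    text = "\n".join(record)
    nip, frames = NIP.search(text), set(FRAME.findall(text))
    dlpar = sorted(frames & DLPAR_FRAMES)  # empty: not reached via DLPAR add
    if ("NULL pointer dereference" not in record[0] or not nip or not dlpar
            or nip.group(1) != FAULT_SITE or not IOMMU_FRAMES <= frames):
        return None
    task = TASK.search(text)
    pid, comm, kernel = task.groups() if task else (None, None, None)
    return {"pid": pid, "comm": comm, "kernel": kernel, "dlpar_frames": dlpar}

def find_hits(log_text):
    return [hit for rec in split_oopses(log_text) if (hit := match_record(rec))]

# Constructed sample: the page's oops (abridged), then an unrelated oops that must not match.
SAMPLE = """\
[  412.101] BUG: Kernel NULL pointer dereference on read at 0x00000030
[  412.102] CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66
[  412.103] NIP sysfs_add_link_to_group+0x34/0x94
[  412.104] LR iommu_device_link+0x5c/0x118
[  412.105]  iommu_init_device+0x26c/0x318 (unreliable)
[  412.106]  init_phb_dynamic+0xb8/0x110
[  412.107]  dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]
[  900.001] BUG: Kernel NULL pointer dereference on read at 0x00000008
[  900.002] NIP example_driver_probe+0x10/0x40
"""
```

Feed `find_hits()` the text of `dmesg` or a saved console log; a record runs from one `BUG:` line to the next, so it is a triage heuristic rather than a full oops parser.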


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-19T14:20:24.166Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe39d5

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 5:57:26 PM

Last updated: 8/11/2025, 11:14:57 PM
