CVE-2024-26891: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected

For those endpoint devices connect to system via hotplug capable ports, users could request a hot reset to the device by flapping device's link through setting the slot's link control register, as pciehp_ist() DLLSC interrupt sequence response, pciehp will unload the device driver and then power it off. thus cause an IOMMU device-TLB invalidation (Intel VT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence target device to be sent and deadly loop to retry that request after ITE fault triggered in interrupt context.

That would cause following continuous hard lockup warning and system hang

[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down
[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present
[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144
[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S OE kernel version xxxx
[ 4223.822623] Hardware name: vendorname xxxx 666-106, BIOS 01.01.02.03.01 05/15/2023
[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490
[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 <40> f6 c6 1 0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39
[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093
[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005
[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340
[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000
[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200
[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004
[ 4223.822626] FS: 0000000000000000(0000) GS:ffffa237ae400000(0000) knlGS:0000000000000000
[ 4223.822627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0
[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[ 4223.822628] PKRU: 55555554
[ 4223.822628] Call Trace:
[ 4223.822628] qi_flush_dev_iotlb+0xb1/0xd0
[ 4223.822628] __dmar_remove_one_dev_info+0x224/0x250
[ 4223.822629] dmar_remove_one_dev_info+0x3e/0x50
[ 4223.822629] intel_iommu_release_device+0x1f/0x30
[ 4223.822629] iommu_release_device+0x33/0x60
[ 4223.822629] iommu_bus_notifier+0x7f/0x90
[ 4223.822630] blocking_notifier_call_chain+0x60/0x90
[ 4223.822630] device_del+0x2e5/0x420
[ 4223.822630] pci_remove_bus_device+0x70/0x110
[ 4223.822630] pciehp_unconfigure_device+0x7c/0x130
[ 4223.822631] pciehp_disable_slot+0x6b/0x100
[ 4223.822631] pciehp_handle_presence_or_link_change+0xd8/0x320
[ 4223.822631] pciehp_ist+0x176/0x180
[ 4223.822631] ? irq_finalize_oneshot.part.50+0x110/0x110
[ 4223.822632] irq_thread_fn+0x19/0x50
[ 4223.822632] irq_thread+0x104/0x190
[ 4223.822632] ? irq_forced_thread_fn+0x90/0x90
[ 4223.822632] ? irq_thread_check_affinity+0xe0/0xe0
[ 4223.822633] kthread+0x114/0x130
[ 4223.822633] ? __kthread_cancel_work+0x40/0x40
[ 4223.822633] ret_from_fork+0x1f/0x30
[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP
[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S OE kernel version xxxx
[ 4223.822634] Hardware name: vendorname xxxx 666-106, BIOS 01.01.02.03.01 05/15/2023
[ 4223.822634] Call Trace:
[ 4223.822634] <NMI>
[ 4223.822635] dump_stack+0x6d/0x88
[ 4223.822635] panic+0x101/0x2d0
[ 4223.822635] ? ret_from_fork+0x11/0x30
[ 4223.822635] nmi_panic.cold.14+0xc/0xc
[ 4223.822636] watchdog_overflow_callback.cold.8+0x6d/0x81
[ 4223.822636] __perf_event_overflow+0x4f/0xf0
[ 4223.822636] handle_pmi_common
---truncated---
AI Analysis
Technical Summary
CVE-2024-26891 is a vulnerability in the Linux kernel's handling of IOMMU (Input-Output Memory Management Unit) device-TLB invalidation requests, specifically in the Intel VT-d implementation and the PCIe ATS (Address Translation Services) invalidation mechanism. The flaw occurs when endpoint devices connected via hotplug-capable PCIe ports are disconnected. During a hot reset triggered by flapping the device's link through the slot's link control register, the kernel's pciehp (PCI Express Hot Plug) driver unloads the device driver and powers off the device. The kernel nevertheless issues an ATS invalidation request for a device that no longer exists. That request ends in an ITE (Invalidation Time-out Error) fault in interrupt context, after which the kernel loops retrying the invalidation request.

The consequence is a continuous hard lockup warning and eventual system hang or kernel panic. The kernel log in the description shows the sequence: pciehp Link Down and Card not present events on the slot, NMI watchdog hard lockup detection with the CPU in qi_submit_sync, and kernel panic stack traces.

This vulnerability affects Linux kernel versions identified by the commit hash 6f7db75e1c469057fe7588ed959328ead771ccc7 and likely related versions around that timeframe. The issue is rooted in improper ordering of device removal and IOMMU invalidation, and the result is a denial of service (DoS) condition in which the system freezes. No known exploits are reported in the wild yet, and no CVSS score has been assigned. The vulnerability is specific to systems using the Intel VT-d IOMMU with hotplug PCIe devices, which are common in server and workstation environments.
Potential Impact
For European organizations, this vulnerability poses a significant risk primarily to data centers, cloud providers, and enterprises running Linux-based servers or workstations with Intel VT-d enabled hardware and hotplug PCIe devices such as NVMe drives, network cards, or GPUs. The impact is a denial of service condition resulting in system hangs or kernel panics, which can lead to downtime, loss of availability of critical services, and potential data loss if systems are abruptly halted. This is particularly critical for industries relying on high availability and real-time processing such as finance, telecommunications, manufacturing, and public sector infrastructure. The vulnerability could disrupt operations by causing unexpected system crashes during device hotplug events, which are common in dynamic hardware environments. Although no remote code execution or privilege escalation is indicated, the DoS impact on critical infrastructure can have cascading effects on business continuity and service level agreements. Additionally, recovery from such hangs may require manual intervention or system reboots, increasing operational overhead and risk of prolonged outages.
Mitigation Recommendations
To mitigate CVE-2024-26891, European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched. Since the issue is related to the pciehp driver and IOMMU handling, applying the latest stable kernel releases or vendor-provided security patches that address this flaw is essential. Organizations should audit their hardware configurations to identify systems using Intel VT-d with hotplug PCIe devices and test updates in controlled environments before deployment. As an interim measure, disabling PCIe hotplug functionality on affected systems where feasible can reduce exposure, though this may impact hardware flexibility. Monitoring kernel logs for repeated PCIe slot link down events and hard lockup warnings can help detect attempts to trigger the vulnerability. Implementing robust system monitoring and automated reboot mechanisms may reduce downtime impact. For critical systems, consider isolating vulnerable hardware or using virtualization/containerization to limit the blast radius. Coordination with hardware vendors for firmware updates and BIOS patches that improve PCIe hotplug stability is also recommended. Finally, maintain regular backups and disaster recovery plans to mitigate the operational impact of unexpected system hangs.
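One way to implement the kernel-log monitoring recommended above, as an added example (not code from this advisory or from the kernel project): it reports a hard lockup only when it follows a pciehp removal event and the trace contains the VT-d invalidation frames seen in the quoted log. The function name, the 60-second window, the dmesg-style timestamp format and both sample logs are assumptions constructed for illustration.

```python
import re

# Constructed sample, trimmed from the kernel log quoted in the description.
SAMPLE_LOG = """\
[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down
[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present
[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144
[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490
[ 4223.822628] qi_flush_dev_iotlb+0xb1/0xd0
[ 4223.822631] pciehp_ist+0x176/0x180
"""
# Constructed benign case: an ordinary hot-unplug with no lockup afterwards.
BENIGN_LOG = """\
[  100.000001] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down
[  100.000005] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present
[  105.500000] pcieport 0000:17:01.0: pciehp: Slot(108): Card present
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
REMOVAL = re.compile(
    r"pcieport (\S+): pciehp: Slot\((\d+)\): (?:Link Down|Card not present)")
LOCKUP = re.compile(r"Watchdog detected hard LOCKUP on cpu (\d+)")
# Frames of the VT-d invalidation path that appear in the quoted trace.
IOMMU_FRAMES = ("qi_submit_sync", "qi_flush_dev_iotlb")


def find_lockups(log_text, window=60.0, trace_span=5.0):
    """Return hard lockups that follow a pciehp removal within `window`
    seconds and whose trace (next `trace_span` seconds) has VT-d frames."""
    events = [(float(m.group(1)), m.group(2))
              for m in map(LINE.match, log_text.splitlines()) if m]
    findings, removal = [], None
    for i, (ts, msg) in enumerate(events):
        m = REMOVAL.search(msg)
        if m:
            removal = (ts, m.group(1), m.group(2))  # latest removal event
            continue
        m = LOCKUP.search(msg)
        if not m or removal is None or ts - removal[0] > window:
            continue
        frames = sorted({f for t, body in events[i + 1:] if t - ts <= trace_span
                         for f in IOMMU_FRAMES if f in body})
        if frames:  # a lockup without these frames is a different problem
            findings.append({"port": removal[1], "slot": removal[2],
                             "cpu": int(m.group(1)), "frames": frames,
                             "seconds_after_removal": round(ts - removal[0], 3)})
    return findings


if __name__ == "__main__":
    for hit in find_lockups(SAMPLE_LOG):
        print(hit)
```

Because the affected host hangs or panics, the log has to be read from somewhere that survives the crash, such as a remote syslog collector, a serial console capture or a kdump vmcore.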
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.186Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe3e74
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 7:56:38 PM
Last updated: 7/30/2025, 10:49:30 PM