CVE-2024-36884: Vulnerability in Linux Linux

High
Published: Thu May 30 2024 (05/30/2024, 15:28:53 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault()

This was missed because of the function pointer indirection.

nvidia_smmu_context_fault() is also installed as an irq function, and the 'void *' was changed to a struct arm_smmu_domain. Since the iommu_domain is embedded at a non-zero offset this causes nvidia_smmu_context_fault() to miscompute the offset. Fixup the types.

  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000120
  Mem abort info:
    ESR = 0x0000000096000004
    EC = 0x25: DABT (current EL), IL = 32 bits
    SET = 0, FnV = 0
    EA = 0, S1PTW = 0
    FSC = 0x04: level 0 translation fault
  Data abort info:
    ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
    CM = 0, WnR = 0, TnD = 0, TagAccess = 0
    GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107c9f000
  [0000000000000120] pgd=0000000000000000, p4d=0000000000000000
  Internal error: Oops: 0000000096000004 [#1] SMP
  Modules linked in:
  CPU: 1 PID: 47 Comm: kworker/u25:0 Not tainted 6.9.0-0.rc7.58.eln136.aarch64 #1
  Hardware name: Unknown NVIDIA Jetson Orin NX/NVIDIA Jetson Orin NX, BIOS 3.1-32827747 03/19/2023
  Workqueue: events_unbound deferred_probe_work_func
  pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
  pc : nvidia_smmu_context_fault+0x1c/0x158
  lr : __free_irq+0x1d4/0x2e8
  sp : ffff80008044b6f0
  x29: ffff80008044b6f0 x28: ffff000080a60b18 x27: ffffd32b5172e970
  x26: 0000000000000000 x25: ffff0000802f5aac x24: ffff0000802f5a30
  x23: ffff0000802f5b60 x22: 0000000000000057 x21: 0000000000000000
  x20: ffff0000802f5a00 x19: ffff000087d4cd80 x18: ffffffffffffffff
  x17: 6234362066666666 x16: 6630303078302d30 x15: ffff00008156d888
  x14: 0000000000000000 x13: ffff0000801db910 x12: ffff00008156d6d0
  x11: 0000000000000003 x10: ffff0000801db918 x9 : ffffd32b50f94d9c
  x8 : 1fffe0001032fda1 x7 : ffff00008197ed00 x6 : 000000000000000f
  x5 : 000000000000010e x4 : 000000000000010e x3 : 0000000000000000
  x2 : ffffd32b51720cd8 x1 : ffff000087e6f700 x0 : 0000000000000057
  Call trace:
   nvidia_smmu_context_fault+0x1c/0x158
   __free_irq+0x1d4/0x2e8
   free_irq+0x3c/0x80
   devm_free_irq+0x64/0xa8
   arm_smmu_domain_free+0xc4/0x158
   iommu_domain_free+0x44/0xa0
   iommu_deinit_device+0xd0/0xf8
   __iommu_group_remove_device+0xcc/0xe0
   iommu_bus_notifier+0x64/0xa8
   notifier_call_chain+0x78/0x148
   blocking_notifier_call_chain+0x4c/0x90
   bus_notify+0x44/0x70
   device_del+0x264/0x3e8
   pci_remove_bus_device+0x84/0x120
   pci_remove_root_bus+0x5c/0xc0
   dw_pcie_host_deinit+0x38/0xe0
   tegra_pcie_config_rp+0xc0/0x1f0
   tegra_pcie_dw_probe+0x34c/0x700
   platform_probe+0x70/0xe8
   really_probe+0xc8/0x3a0
   __driver_probe_device+0x84/0x160
   driver_probe_device+0x44/0x130
   __device_attach_driver+0xc4/0x170
   bus_for_each_drv+0x90/0x100
   __device_attach+0xa8/0x1c8
   device_initial_probe+0x1c/0x30
   bus_probe_device+0xb0/0xc0
   deferred_probe_work_func+0xbc/0x120
   process_one_work+0x194/0x490
   worker_thread+0x284/0x3b0
   kthread+0xf4/0x108
   ret_from_fork+0x10/0x20
  Code: a9b97bfd 910003fd a9025bf5 f85a0035 (b94122a1)

AI-Powered Analysis

Last updated: 06/29/2025, 09:54:47 UTC

Technical Analysis

CVE-2024-36884 is a vulnerability in the Linux kernel's ARM System Memory Management Unit (SMMU) driver implementation used on NVIDIA hardware, such as the NVIDIA Jetson Orin NX platform. The root cause is a type mismatch in nvidia_smmu_context_fault() that was missed because the function is reached through function pointer indirection. The function is also registered as an interrupt request (IRQ) handler, and the object it receives as 'void *' was changed to a 'struct arm_smmu_domain' without the function's own types being updated to match. Because the iommu_domain structure is embedded at a non-zero offset, this type mismatch causes the function to miscalculate memory offsets, leading to a NULL pointer dereference.

The dereference occurs at a low virtual address (0x120), triggering a kernel oops and a level 0 translation fault in the memory management unit. This results in an unrecoverable kernel crash (panic) on affected systems. The vulnerability is triggered during IRQ handling related to the ARM SMMU domain freeing and device removal processes, which can be invoked during device hotplug or driver unload operations. The kernel stack trace shows the fault arising during calls to free_irq and iommu_domain_free, indicating improper cleanup of IRQ resources due to the pointer type error. The bug was introduced by a subtle change in the pointer type that was missed because of function pointer indirection, which highlights the complexity of kernel interrupt handling code.

The vulnerability affects Linux kernel versions including 6.9.0-0.rc7.58.eln136.aarch64 and is specific to the ARM64 architecture with NVIDIA SMMU hardware. No known exploits are reported in the wild as of the publication date. No CVSS score has been assigned yet. The issue is resolved by correcting the pointer type so that the function properly references the arm_smmu_domain structure, which ensures correct offset calculations and prevents the NULL pointer dereference and consequent kernel panic.
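The offset error described above, reduced to a user-space model. This is an added example, not kernel code and not part of the advisory: the structure layouts and the names stale_fault, fixed_fault and dispatch are hypothetical stand-ins, and each handler returns the address it computes instead of dereferencing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins, not the kernel's definitions: only the property the
 * advisory relies on is kept (the generic domain sits at a non-zero offset). */
struct iommu_domain { unsigned int type; };
struct arm_smmu_domain {
    void *smmu;                  /* driver state the handler wants to reach */
    int cbndx;
    struct iommu_domain domain;  /* embedded member, offset != 0 */
};
#define DOMAIN_OFF offsetof(struct arm_smmu_domain, domain)

/* IRQ-style callback type: the cookie is an untyped 'void *', so the compiler
 * cannot notice when the caller starts passing a different object. Each
 * handler returns the address it believes is the arm_smmu_domain. */
typedef uintptr_t (*fault_handler_t)(int irq, void *dev_id);

/* Stale handler: still assumes the cookie is &smmu_domain->domain and steps
 * back to the container, as container_of() would. */
static uintptr_t stale_fault(int irq, void *dev_id)
{
    struct iommu_domain *domain = dev_id;
    (void)irq;
    return (uintptr_t)domain - DOMAIN_OFF;
}

/* Fixed handler: the cookie already is the arm_smmu_domain. */
static uintptr_t fixed_fault(int irq, void *dev_id)
{
    struct arm_smmu_domain *smmu_domain = dev_id;
    (void)irq;
    return (uintptr_t)smmu_domain;
}

/* Registration side after the change: passes the arm_smmu_domain itself. */
static uintptr_t dispatch(fault_handler_t fn, struct arm_smmu_domain *sd)
{
    return fn(87, sd);  /* 87 is a constructed IRQ number */
}

int main(void)
{
    struct arm_smmu_domain sd = { 0 };
    printf("offset of embedded domain: %zu\n", (size_t)DOMAIN_OFF);
    printf("real object   : %#lx\n", (unsigned long)(uintptr_t)&sd);
    printf("stale handler : %#lx\n", (unsigned long)dispatch(stale_fault, &sd));
    printf("fixed handler : %#lx\n", (unsigned long)dispatch(fixed_fault, &sd));
    return 0;
}
```

The stale handler lands DOMAIN_OFF bytes before the real object, so every field it then reads comes from unrelated memory; both handlers compile cleanly against the same callback type, which is why the mismatch is invisible to the compiler.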

Potential Impact

For European organizations, the impact of CVE-2024-36884 depends largely on the deployment of affected hardware and Linux kernel versions. Organizations using NVIDIA Jetson Orin NX or similar ARM64-based embedded systems running vulnerable Linux kernels are at risk of system instability and denial of service due to kernel crashes. This can disrupt critical applications relying on these embedded platforms, such as industrial automation, IoT gateways, edge computing devices, and AI inference systems. The vulnerability could be triggered during device removal or driver unload operations, potentially causing unexpected downtime or requiring system reboots. Although no remote code execution or privilege escalation is indicated, the denial of service impact on availability can be significant for operational technology environments or edge deployments in sectors like manufacturing, automotive, and telecommunications. Given the increasing adoption of ARM64-based NVIDIA platforms in European industrial and research sectors, this vulnerability could affect organizations relying on these platforms for critical workloads. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to maintain system reliability and security posture.

Mitigation Recommendations

To mitigate CVE-2024-36884, European organizations should:

1) Apply the latest Linux kernel patches from trusted sources that correct the pointer type mismatch in the nvidia_smmu_context_fault() function.
2) For embedded devices running custom or vendor-provided kernels, coordinate with hardware vendors (e.g., NVIDIA) to obtain updated firmware and kernel versions that include the fix.
3) Implement rigorous testing of kernel updates in staging environments to ensure stability before production deployment, especially for embedded and edge systems.
4) Monitor system logs for kernel oops or crashes related to ARM SMMU IRQ handling to detect potential exploitation or triggering of the vulnerability.
5) Limit device hotplug or driver unload operations on affected systems until patches are applied, as these operations can trigger the fault.
6) Employ kernel crash dump analysis tools to investigate any unexpected reboots or panics to confirm if related to this vulnerability.
7) Maintain an inventory of devices running affected kernel versions and NVIDIA ARM64 hardware to prioritize patching efforts.
8) Engage with security advisories from Linux kernel maintainers and NVIDIA for ongoing updates and best practices.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-30T15:25:07.065Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe2581

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 9:54:47 AM

Last updated: 7/30/2025, 8:48:03 AM
