CVE-2024-36925: Vulnerability in Linux Linux

High
Published: Thu May 30 2024 (05/30/2024, 15:29:19 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y

Using restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunction with dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the following crash when initialising the restricted pools at boot-time:

  | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
  | Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
  | pc : rmem_swiotlb_device_init+0xfc/0x1ec
  | lr : rmem_swiotlb_device_init+0xf0/0x1ec
  | Call trace:
  |  rmem_swiotlb_device_init+0xfc/0x1ec
  |  of_reserved_mem_device_init_by_idx+0x18c/0x238
  |  of_dma_configure_id+0x31c/0x33c
  |  platform_dma_configure+0x34/0x80

faddr2line reveals that the crash is in the list validation code:

  include/linux/list.h:83
  include/linux/rculist.h:79
  include/linux/rculist.h:106
  kernel/dma/swiotlb.c:306
  kernel/dma/swiotlb.c:1695

because add_mem_pool() is trying to list_add_rcu() to a NULL 'mem->pools'.

Fix the crash by initialising the 'mem->pools' list_head in rmem_swiotlb_device_init() before calling add_mem_pool().

AI-Powered Analysis

Last updated: 06/29/2025, 10:12:09 UTC

Technical Analysis

CVE-2024-36925 is a vulnerability identified in the Linux kernel related to the handling of restricted DMA pools when used in conjunction with dynamic SWIOTLB (Software Input/Output Translation Lookaside Buffer). Specifically, the issue arises when the kernel is configured with CONFIG_DMA_RESTRICTED_POOL=y and CONFIG_SWIOTLB_DYNAMIC=y. During the boot process, the initialization of restricted DMA pools leads to a NULL pointer dereference crash. The root cause is that the 'mem->pools' list_head is not properly initialized before it is used in the add_mem_pool() function, which attempts to add an entry to this list using list_add_rcu(). This results in a kernel oops and system crash, as evidenced by the stack trace pointing to rmem_swiotlb_device_init and related functions. The problem is located in kernel/dma/swiotlb.c and involves list validation code in include/linux/list.h and include/linux/rculist.h. The fix involves initializing the 'mem->pools' list_head in rmem_swiotlb_device_init() before any additions are made to the list, preventing the NULL pointer dereference and subsequent crash. This vulnerability affects Linux kernel versions identified by the provided commit hashes and was published on May 30, 2024. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.
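The failure and the fix described above, modelled in userspace C as an added example (not kernel code and not part of the original advisory). The names `tlb_mem_model`, `pool_model`, `list_add_checked` and `add_pool_model` are hypothetical, and the model assumes the structure holding `pools` is zero-filled and that the validation step reads `next->prev`; on a 64-bit build that field sits at offset 8, consistent with the faulting address in the oops.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of the kernel's struct list_head (not kernel code). */
struct list_head { struct list_head *next, *prev; };
/* Hypothetical stand-ins for the structure holding 'pools' and for one pool. */
struct tlb_mem_model { struct list_head pools; };
struct pool_model { struct list_head node; };

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

/* Model of a validated list insertion (assumed shape: the check reads
 * next->prev). A NULL 'next' is reported instead of dereferenced, and the
 * address that read would have touched is returned through fault_addr. */
static int list_add_checked(struct list_head *entry, struct list_head *head,
                            size_t *fault_addr)
{
    struct list_head *next = head->next;
    if (next == NULL) {                 /* head was never initialised */
        *fault_addr = offsetof(struct list_head, prev);
        return -1;
    }
    if (next->prev != head)             /* inconsistent list */
        return -2;
    entry->next = next;
    entry->prev = head;
    next->prev = entry;
    head->next = entry;
    return 0;
}

/* do_init == 0 models the pre-fix ordering, do_init == 1 the fixed one. */
int add_pool_model(int do_init, size_t *fault_addr)
{
    struct tlb_mem_model mem;
    struct pool_model pool;
    memset(&mem, 0, sizeof(mem));       /* assumption: zero-filled, pools.next == NULL */
    if (do_init)
        init_list_head(&mem.pools);     /* the fix: initialise before adding */
    return list_add_checked(&pool.node, &mem.pools, fault_addr);
}

int main(void)
{
    size_t addr = 0;
    int rc = add_pool_model(0, &addr);
    printf("unfixed: rc=%d, faulting offset 0x%zx\n", rc, addr);
    printf("fixed:   rc=%d\n", add_pool_model(1, &addr));
    return 0;
}
```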

Potential Impact

For European organizations, this vulnerability primarily poses a risk of system instability and denial of service (DoS) due to kernel crashes during boot when the affected configurations are used. Systems relying on restricted DMA pools with dynamic SWIOTLB enabled may fail to start or reboot properly, leading to potential downtime and disruption of critical services. This is particularly impactful for environments running customized or embedded Linux kernels with these specific configurations, such as telecommunications infrastructure, industrial control systems, and certain cloud or data center environments that utilize advanced DMA configurations for performance or security reasons. While the vulnerability does not directly lead to privilege escalation or data leakage, the availability impact can be significant, especially in high-availability or real-time systems. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental crashes or potential targeted attacks exploiting this flaw.

Mitigation Recommendations

European organizations should take the following specific actions:

1) Identify Linux systems running kernels with CONFIG_DMA_RESTRICTED_POOL=y and CONFIG_SWIOTLB_DYNAMIC=y enabled, especially those using custom or embedded kernel builds.
2) Apply the official Linux kernel patch that initializes the 'mem->pools' list_head in rmem_swiotlb_device_init() as soon as it becomes available from trusted sources or kernel maintainers.
3) For systems where immediate patching is not feasible, consider disabling either CONFIG_DMA_RESTRICTED_POOL or CONFIG_SWIOTLB_DYNAMIC if operationally acceptable, to avoid triggering the vulnerable code path.
4) Implement robust boot-time monitoring and automated recovery mechanisms to detect and remediate kernel crashes promptly.
5) Engage with hardware and software vendors to ensure updated kernel versions are provided for affected devices.
6) Conduct thorough testing of updated kernels in staging environments to confirm stability before deployment.
7) Maintain inventory and configuration management to track affected kernel versions and configurations across the organization.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-30T15:25:07.069Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe26ca

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 10:12:09 AM

Last updated: 8/7/2025, 4:58:11 AM
