
CVE-2024-36926: Vulnerability in Linux Linux

Medium
Published: Thu May 30 2024 (05/30/2024, 15:29:19 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE

At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is attached to.

There are exceptions where the partition firmware might not provide this property for the PE at the time of LPAR boot up. One of the scenarios is where the firmware has frozen the PE due to some error condition. This PE is frozen for 24 hours or unless the whole system is reinitialized.

Within this time frame, if the LPAR is booted, the frozen PE will be presented to the LPAR but ibm,dma-window property could be missing.

Today, under these circumstances, the LPAR oopses with NULL pointer dereference, when configuring the PCI bus the PE is attached to.

    BUG: Kernel NULL pointer dereference on read at 0x000000c8
    Faulting instruction address: 0xc0000000001024c0
    Oops: Kernel access of bad area, sig: 7 [#1]
    LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
    Modules linked in:
    Supported: Yes
    CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.4.0-150600.9-default #1
    Hardware name: IBM,9043-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_023) hv:phyp pSeries
    NIP: c0000000001024c0 LR: c0000000001024b0 CTR: c000000000102450
    REGS: c0000000037db5c0 TRAP: 0300 Not tainted (6.4.0-150600.9-default)
    MSR: 8000000002009033 <SF,VEC,EE,ME,IR,DR,RI,LE> CR: 28000822 XER: 00000000
    CFAR: c00000000010254c DAR: 00000000000000c8 DSISR: 00080000 IRQMASK: 0
    ...
    NIP [c0000000001024c0] pci_dma_bus_setup_pSeriesLP+0x70/0x2a0
    LR [c0000000001024b0] pci_dma_bus_setup_pSeriesLP+0x60/0x2a0
    Call Trace:
    pci_dma_bus_setup_pSeriesLP+0x60/0x2a0 (unreliable)
    pcibios_setup_bus_self+0x1c0/0x370
    __of_scan_bus+0x2f8/0x330
    pcibios_scan_phb+0x280/0x3d0
    pcibios_init+0x88/0x12c
    do_one_initcall+0x60/0x320
    kernel_init_freeable+0x344/0x3e4
    kernel_init+0x34/0x1d0
    ret_from_kernel_user_thread+0x14/0x1c

AI-Powered Analysis

Last updated: 07/05/2025, 09:56:07 UTC

Technical Analysis

CVE-2024-36926 is a vulnerability identified in the Linux kernel specifically affecting the powerpc/pseries architecture used in IBM POWER systems. The issue arises during the boot-up process of Logical Partitions (LPARs) on systems where the partition firmware is expected to provide an Open Firmware property called ibm,dma-window for the Processing Element (PE) attached to the PCI bus. Under normal conditions, this property is present and used by the kernel to configure the PCI bus correctly. However, in certain error scenarios, the firmware may freeze the PE due to an error condition, causing the ibm,dma-window property to be absent during LPAR boot. This frozen state can persist for up to 24 hours or until a full system reinitialization occurs.

When the kernel attempts to configure the PCI bus without this property, it dereferences a NULL pointer, leading to a kernel oops and system crash. The technical details show a NULL pointer dereference at a specific memory address during the pci_dma_bus_setup_pSeriesLP function call, which is part of the PCI bus initialization sequence. This results in a denial of service (DoS) condition as the LPAR cannot boot properly.

The vulnerability is classified under CWE-476 (NULL Pointer Dereference) and has a CVSS v3.1 base score of 6.2, indicating a medium severity. The attack vector is local (AV:L), requiring no privileges (PR:N) or user interaction (UI:N), but the impact is limited to availability (A:H) with no confidentiality or integrity loss. No known exploits are reported in the wild yet.

This vulnerability affects specific Linux kernel versions identified by commit hashes, primarily those running on IBM POWER10 hardware with pSeries architecture and radix MMU. The root cause is a lack of proper validation or fallback handling when the ibm,dma-window property is missing due to a frozen PE, leading to unsafe memory access during PCI bus setup.

Potential Impact

For European organizations utilizing IBM POWER systems running Linux on pSeries architecture, this vulnerability poses a risk of system unavailability due to kernel crashes during LPAR boot. Industries relying on high-availability computing environments, such as finance, telecommunications, and critical infrastructure, could experience operational disruptions if affected systems encounter this issue. Since the vulnerability causes a denial of service at boot time, it could lead to extended downtime requiring system reinitialization or hardware intervention to clear the frozen PE state. The impact is primarily on availability with no direct compromise of data confidentiality or integrity. However, the downtime could affect business continuity and service-level agreements. Organizations running virtualized environments with LPARs on POWER hardware need to be aware that certain firmware error states can trigger this kernel panic, potentially complicating recovery procedures. Given the medium severity and local attack vector, the threat is more relevant to internal system administrators or automated processes that reboot LPARs without verifying hardware state. The absence of known exploits reduces immediate risk, but the potential for inadvertent crashes during maintenance or automated reboots remains a concern.

Mitigation Recommendations

1. Apply the latest Linux kernel patches that address CVE-2024-36926 as soon as they become available from trusted Linux distributions or directly from the Linux kernel maintainers.
2. Implement monitoring and alerting for LPAR boot failures and kernel oops events related to PCI bus initialization to detect occurrences of this issue early.
3. Coordinate with IBM firmware updates to ensure that partition firmware properly handles PE states and provides the ibm,dma-window property reliably or includes fallback mechanisms.
4. Before rebooting LPARs, verify the health and state of the PE to avoid booting with a frozen PE that lacks the required firmware properties.
5. Develop operational procedures to perform full system reinitialization if a frozen PE state is detected, as this clears the condition causing the missing property.
6. Limit automated reboot processes that do not include hardware state validation to reduce the risk of triggering the kernel panic.
7. Engage with hardware vendors and Linux distribution support channels for guidance on firmware and kernel compatibility to prevent recurrence.
8. Consider isolating critical LPAR workloads on hardware not affected by this issue or using alternative architectures until patches are applied.
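For the monitoring in recommendation 2, a captured console or kernel log can be scanned for the oops signature quoted in the description. The following is an added example, not code from the advisory or the kernel project; the function name, the log layout with dmesg-style timestamps, and the second (unrelated) oops in the sample are assumptions made for illustration.

```python
import re

# Faulting function named in the advisory's oops; keying on it keeps
# unrelated NULL dereferences out of the alert.
TARGET_SYMBOL = "pci_dma_bus_setup_pSeriesLP"

BUG_RE = re.compile(r"BUG: Kernel NULL pointer dereference on (?:read|write) at (0x[0-9a-f]+)")
CPU_RE = re.compile(r"CPU: \d+ PID: (\d+) Comm: (\S+) .*? (\d+\.\d+\.\S+)")
NIP_RE = re.compile(r"NIP \[[0-9a-f]+\] (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def find_dma_window_oops(lines):
    """Return one record per NULL-dereference oops that faults in TARGET_SYMBOL."""
    hits, current = [], None
    for line in lines:
        m = BUG_RE.search(line)
        if m:  # start of a new oops report
            current = {"fault_addr": m.group(1), "pid": None, "comm": None, "kernel": None}
            continue
        if current is None:
            continue  # not inside an oops report
        m = CPU_RE.search(line)
        if m:
            current.update(pid=int(m.group(1)), comm=m.group(2), kernel=m.group(3))
        m = NIP_RE.search(line)
        if m:  # the symbolised NIP line tells us which function faulted
            if m.group(1) == TARGET_SYMBOL:
                hits.append(current)
            current = None
    return hits

# Constructed sample: the first report reuses lines from the advisory's oops
# (dmesg-style timestamps added); the second is an invented, unrelated oops.
SAMPLE_LOG = """\
[    0.910000] PCI: Probing PCI hardware
[    0.912345] BUG: Kernel NULL pointer dereference on read at 0x000000c8
[    0.912350] Faulting instruction address: 0xc0000000001024c0
[    0.912360] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.4.0-150600.9-default #1
[    0.912370] NIP [c0000000001024c0] pci_dma_bus_setup_pSeriesLP+0x70/0x2a0
[    0.912380] LR [c0000000001024b0] pci_dma_bus_setup_pSeriesLP+0x60/0x2a0
[   42.000100] BUG: Kernel NULL pointer dereference on read at 0x00000010
[   42.000110] CPU: 3 PID: 812 Comm: modprobe Not tainted 6.4.0-150600.9-default #1
[   42.000120] NIP [c008000000a10040] example_driver_probe+0x40/0x100
""".splitlines()

if __name__ == "__main__":
    for hit in find_dma_window_oops(SAMPLE_LOG):
        print("CVE-2024-36926 boot oops signature:", hit)
```

Because the crash happens at boot in PID 1, the log has to come from a source that survives the failed boot, such as a captured partition console.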


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-30T15:25:07.069Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9819c4522896dcbd8e1f

Added to database: 5/21/2025, 9:08:41 AM

Last enriched: 7/5/2025, 9:56:07 AM

Last updated: 7/28/2025, 2:55:15 PM
