CVE-2024-47719: Vulnerability in the Linux kernel (vendor: Linux)
Description
In the Linux kernel, the following vulnerability has been resolved:

iommufd: Protect against overflow of ALIGN() during iova allocation

Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN() overflows which corrupts the selected area range during allocation.

CONFIG_IOMMUFD_TEST can detect this:

WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]
WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352
Modules linked in:
CPU: 1 PID: 5092 Comm: syz-executor294 Not tainted 6.10.0-rc5-syzkaller-00294-g3ffea9a7a6f7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]
RIP: 0010:iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352
Code: fc e9 a4 f3 ff ff e8 1a 8b 4c fc 41 be e4 ff ff ff e9 8a f3 ff ff e8 0a 8b 4c fc 90 0f 0b 90 e9 37 f5 ff ff e8 fc 8a 4c fc 90 <0f> 0b 90 e9 68 f3 ff ff 48 c7 c1 ec 82 ad 8f 80 e1 07 80 c1 03 38
RSP: 0018:ffffc90003ebf9e0 EFLAGS: 00010293
RAX: ffffffff85499fa4 RBX: 00000000ffffffef RCX: ffff888079b49e00
RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000
RBP: ffffc90003ebfc50 R08: ffffffff85499b30 R09: ffffffff85499942
R10: 0000000000000002 R11: ffff888079b49e00 R12: ffff8880228e0010
R13: 0000000000000000 R14: 1ffff920007d7f68 R15: ffffc90003ebfd00
FS:  000055557d760380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000005fdeb8 CR3: 000000007404a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 iommufd_ioas_copy+0x610/0x7b0 drivers/iommu/iommufd/ioas.c:274
 iommufd_fops_ioctl+0x4d9/0x5a0 drivers/iommu/iommufd/main.c:421
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Cap the automatic alignment to the huge page size, which is probably a better idea overall. Huge automatic alignments can fragment and chew up the available IOVA space without any reason.
AI Analysis
Technical Summary
CVE-2024-47719 is a flaw in the Linux kernel's iommufd driver (drivers/iommu/iommufd), the userspace interface to the IOMMU subsystem that manages IOVA (I/O virtual address) allocations for an I/O address space. When userspace maps memory without fixing the IOVA itself, iopt_alloc_area_pages() in io_pagetable.c derives an automatic alignment from the supplied iova and uptr values so that the chosen IOVA preserves the alignment of the user buffer (which makes huge page mappings possible). That alignment was not bounded: crafted iova and uptr values make it so large that the kernel's ALIGN() macro wraps around in unsigned arithmetic, and the allocator then selects an IOVA range that does not lie inside the free hole it was examining. The commit describes this as corrupting "the selected area range during allocation"; what is corrupted is the allocator's chosen IOVA range, not arbitrary kernel memory, and the record provides no evidence of anything beyond that. The syzkaller report shows the WARN_ON reached in iopt_alloc_area_pages() (io_pagetable.c:268) via iommufd_ioas_copy() from an ioctl on the iommufd file descriptor; that check only exists when CONFIG_IOMMUFD_TEST is enabled, so a production kernel without it proceeds silently with the wrong range. The fix caps the automatic alignment at the huge page size, which removes the overflow and also stops huge alignments from needlessly fragmenting IOVA space. Triggering the bug requires a file descriptor on the iommufd character device (/dev/iommu) and the ability to issue ioctls on it; on typical systems the device node permissions limit that to root or to the processes (for example a VMM doing device assignment) deliberately granted access, so an unprivileged local user can only reach it where that access has been delegated. No exploitation in the wild was known at publication. The report was produced on 6.10.0-rc5; any kernel that includes the iommufd driver and predates the fix should be treated as affected, with exact version ranges taken from the CVE record and distribution advisories. The demonstrated impact is a kernel WARNING (fatal when panic_on_warn is set) and an incorrect IOVA selection; turning that into anything beyond denial of service has not been shown.
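To make the overflow concrete, here is a small model of the allocation step described above. It is added example code written for this page, not the kernel's io_pagetable.c: the inputs (a 2^40-aligned user pointer, a mapping of 2^39+1 bytes, a free IOVA hole starting at 2^64 - 2^40 + 0x1000) are constructed, and the alignment heuristic (preserve the user pointer's alignment, bounded by the length rounded up to a power of two) is an assumption that follows the commit message rather than a copy of the kernel's code. With the alignment uncapped, ALIGN() wraps to 0 and the allocator hands back an IOVA below the hole it was searching, which is what the CONFIG_IOMMUFD_TEST WARN_ON catches; with the alignment capped at the huge page size it returns a valid IOVA inside the hole.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Illustrative model of iommufd's automatic IOVA alignment and the ALIGN()
 * wraparound behind CVE-2024-47719. Written for this page; not kernel code.
 * The heuristic, names and constants below are assumptions.
 */

/* Kernel-style ALIGN(): (x + a - 1) & ~(a - 1), using wrapping unsigned math. */
#define ALIGN_UP(x, a) (((x) + ((a) - 1)) & ~((a) - 1))

#define PAGE_SIZE  4096ULL
#define HPAGE_SIZE (2ULL << 20)           /* 2 MiB PMD huge page (assumed x86-64) */

/* Constructed inputs: a free IOVA hole at the very top of a 64-bit space and a
 * user buffer whose address has its lowest set bit at 2^40. */
#define HOLE_START 0xFFFFFF0000001000ULL  /* 2^64 - 2^40 + 0x1000 */
#define HOLE_LAST  0xFFFFFFFFFFFFFFFFULL
#define UPTR       0x7F0000000000ULL      /* lowest set bit is 2^40 */
#define LENGTH     ((1ULL << 39) + 1)     /* rounds up to 2^40 */

static uint64_t roundup_pow_of_two64(uint64_t n)
{
    if (n <= 1)
        return 1;
    return 1ULL << (64 - __builtin_clzll(n - 1));
}

/* Automatic alignment: keep the user pointer's alignment, bounded by the
 * mapping length rounded up to a power of two. 'capped' applies the fix. */
static uint64_t auto_alignment(uint64_t uptr, uint64_t length, bool capped)
{
    uint64_t align = roundup_pow_of_two64(length);
    uint64_t uptr_lsb = uptr & (~uptr + 1);   /* lowest set bit of uptr */

    if (uptr && uptr_lsb < align)
        align = uptr_lsb;
    if (capped && align > HPAGE_SIZE)
        align = HPAGE_SIZE;                   /* the fix: never exceed the huge page size */
    return align;
}

/* First aligned IOVA inside [start_hole, last_hole] with room for 'length'
 * bytes. Returns 0 and sets *iova, or -1 if nothing fits. */
static int pick_iova(uint64_t start_hole, uint64_t last_hole, uint64_t length,
                     uint64_t align, uint64_t page_offset, uint64_t *iova)
{
    uint64_t start = ALIGN_UP(start_hole, align) | page_offset;  /* may wrap! */

    if (start > last_hole || last_hole - start < length - 1)
        return -1;
    *iova = start;
    return 0;
}

/* The sanity check a CONFIG_IOMMUFD_TEST-style WARN_ON performs afterwards. */
static bool iova_in_hole(uint64_t iova, uint64_t length,
                         uint64_t start_hole, uint64_t last_hole)
{
    return iova >= start_hole && last_hole - iova >= length - 1;
}

/* Allocation path for one mapping request. */
static int alloc_iova(uint64_t uptr, uint64_t length, uint64_t start_hole,
                      uint64_t last_hole, bool capped, uint64_t *iova)
{
    if (length == 0 || length >= UINT64_MAX / 2)
        return -1;                            /* keeps roundup_pow_of_two64 in range */
    return pick_iova(start_hole, last_hole, length,
                     auto_alignment(uptr, length, capped),
                     uptr % PAGE_SIZE, iova);
}

int main(void)
{
    bool modes[2] = { false, true };

    for (int i = 0; i < 2; i++) {
        uint64_t iova = 0;
        int rc = alloc_iova(UPTR, LENGTH, HOLE_START, HOLE_LAST, modes[i], &iova);

        printf("%s: rc=%d align=0x%llx iova=0x%016llx -> %s\n",
               modes[i] ? "capped  " : "uncapped", rc,
               (unsigned long long)auto_alignment(UPTR, LENGTH, modes[i]),
               (unsigned long long)iova,
               rc == 0 && iova_in_hole(iova, LENGTH, HOLE_START, HOLE_LAST)
                   ? "inside hole" : "OUTSIDE HOLE (WARN_ON)");
    }
    return 0;
}
```

Build with `cc -Wall -O2 align_overflow.c` and run it offline; the uncapped pass reports iova 0 outside the hole, the capped pass reports 0xffffff0000200000 inside it. In the real driver the hole comes from the IOAS's allowed and reserved IOVA ranges and the arithmetic is done in unsigned long, but the failure mode is the same: a large alignment added to a hole start near the top of the address space wraps, and the range check that would reject the result is only compiled in with CONFIG_IOMMUFD_TEST.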
Potential Impact
For European organizations the exposure depends on whether they run Linux hosts that actually use iommufd, the newer userspace IOMMU interface used for VFIO device assignment (for example QEMU/KVM guests with passthrough PCI devices) in cloud, data-centre and HPC environments. The demonstrated effect is a kernel WARNING and an incorrectly chosen IOVA range; with panic_on_warn set, as on many hardened builds, the warning itself crashes the host and takes every virtual machine on it down, which is the realistic denial-of-service scenario in multi-tenant environments. Privilege escalation has not been demonstrated and would require additional bugs, so treat it as a theoretical concern rather than an established risk. The attack surface is narrow: the attacker must already hold a file descriptor on /dev/iommu, which on most systems is limited to root or to the virtualisation stack, so container workloads are exposed only where the device node has been passed into them or its permissions loosened. Given how widely Linux is used across the European public sector, financial institutions and technology providers, a host crash on shared virtualisation infrastructure would still have real operational consequences. The absence of known exploits lowers the immediate risk but not the need to patch, since the trigger condition is described in the public commit message.
Mitigation Recommendations
European organizations should implement the following specific mitigations: 1) Update to a kernel that contains the fix ("iommufd: Protect against overflow of ALIGN() during iova allocation"); the fix is already in mainline, so take the distribution kernel update that references CVE-2024-47719 rather than waiting for a separate patch. 2) Restrict who can open /dev/iommu: check the device node's mode and ownership and, where a udev rule has widened it, narrow it back to root or a dedicated group used only by the virtualisation stack. 3) Do not pass /dev/iommu into containers or untrusted guests; where device assignment is required, confine the VMM with SELinux or AppArmor and a seccomp profile so that only the expected process can issue iommufd ioctls. The kernel lockdown LSM does not restrict these ioctls and is not a mitigation here. 4) Log monitoring detects this only on kernels built with CONFIG_IOMMUFD_TEST, a test option not enabled in production kernels; on such kernels alert on "WARNING: ... drivers/iommu/iommufd/io_pagetable.c" in dmesg or the journal, and remember that panic_on_warn turns the warning into a crash. 5) In virtualised environments keep tenants away from the host IOMMU interface entirely; device assignment is a host-side configuration and guests never need the host's /dev/iommu. 6) Inventory kernels in use and prioritise hosts that do device passthrough, since those are the ones where iommufd is actually opened. 7) Include the iommufd and VFIO ioctl surface in host penetration tests to confirm that only the intended processes can reach it. The value of these steps lies in constraining access to the vulnerable interface and verifying that the fix is deployed, not in generic hardening.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-30T16:00:12.949Z
- CISA Enriched: true
- CVSS Version: null (no CVSS score in the record)
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe05b0
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 7:56:19 PM
Last updated: 7/31/2025, 1:23:21 PM