
CVE-2024-57999: Vulnerability in Linux

High
Published: Thu Feb 27 2025 (02/27/2025, 02:07:18 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW

Power Hypervisor can possibly allocate MMIO window intersecting with Dynamic DMA Window (DDW) range, which is over 32-bit addressing.

These MMIO pages need to be marked as reserved so that IOMMU doesn't map DMA buffers in this range.

The current code is not marking these pages correctly, which results in an LPAR OOPS while booting. The stack trace is below:

    BUG: Unable to handle kernel data access on read at 0xc00800005cd40000
    Faulting instruction address: 0xc00000000005cdac
    Oops: Kernel access of bad area, sig: 11 [#1]
    LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
    Modules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod
    Supported: Yes, External
    CPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b
    Hardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries
    Workqueue: events work_for_cpu_fn
    NIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000
    REGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)
    MSR: 800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 24228448 XER: 00000001
    CFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0
    GPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800
    GPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000
    GPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff
    GPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000
    GPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800
    GPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b
    GPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8
    GPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800
    NIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100
    LR [c00000000005e830] iommu_init_table+0x80/0x1e0
    Call Trace:
    [c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)
    [c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40
    [c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230
    [c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90
    [c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80
    [c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]
    [c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110
    [c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60
    [c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620
    [c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620
    [c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150
    [c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18

There are 2 issues in the code:

1. The index is "int" while the address is "unsigned long". This results in negative value when setting the bitmap.
2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit address). MMIO address needs to be page shifted as well.

AI-Powered Analysis

Last updated: 06/28/2025, 09:42:26 UTC

Technical Analysis

CVE-2024-57999 is a vulnerability in the Linux kernel's IOMMU (Input-Output Memory Management Unit) implementation for the PowerPC pSeries platform. It arises from incorrect handling of MMIO (Memory-Mapped I/O) ranges in relation to the Dynamic DMA Window (DDW) within the Power Hypervisor environment. Two coding errors are responsible: first, the index variable is an int while the address is an unsigned long, which produces negative values when setting the bitmap; second, the DMA offset is page-shifted but the MMIO range is not, so the MMIO pages are marked incorrectly. As a result, the IOMMU can potentially map DMA buffers into MMIO ranges that should be reserved. During system boot, the Logical Partition (LPAR) can then hit a kernel oops (crash) on an illegal memory access, as the kernel stack trace in the description shows.

The bug affects Linux kernel versions including the one referenced by the commit hash 3c33066a21903076722a2881556a92aa3cd7d359 and is specifically relevant to IBM POWER9 hardware running the pSeries platform with the Power Hypervisor. No known exploits are currently reported in the wild, but the vulnerability can cause system instability and denial of service through kernel crashes during boot or operation involving IOMMU and DMA buffer management. The root cause is a failure to reserve MMIO pages correctly, which is critical for maintaining memory isolation and preventing unauthorized or erroneous DMA access in virtualized environments on PowerPC architectures.
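The two defects described above, as an added user-space model (not the kernel's code or the upstream patch): it computes the reservation-bitmap bit for an MMIO address with the "before" arithmetic (int index, unshifted address) and with the "after" arithmetic (64-bit index, page-shifted address). The window geometry, the sample addresses and all function names are constructed for illustration, and the bit number is assumed to be a 32-bit signed value.

```c
#include <stdint.h>
#include <stdio.h>

#define IOMMU_PAGE_SHIFT 16u  /* 64K pages, matching PAGE_SIZE=64K in the oops */

/* Constructed window: offset and size are counted in IOMMU pages. */
struct ddw { uint64_t offset; uint64_t size; };

/* Portable model of storing a 64-bit value in a 32-bit signed int. */
static int64_t as_int(uint64_t v)
{
    uint32_t lo = (uint32_t)v;
    return lo < 0x80000000u ? (int64_t)lo : (int64_t)lo - 0x100000000LL;
}

/* "Before" model: raw byte address held in an int, page offset subtracted. */
static int64_t bit_before(struct ddw w, uint64_t mmio_addr)
{
    int64_t i = as_int(mmio_addr);          /* issue 1: index truncated to int */
    return as_int((uint64_t)i - w.offset);  /* issue 2: bytes minus pages */
}

/* "After" model: shift the MMIO address to pages, keep 64-bit arithmetic. */
static int64_t bit_after(struct ddw w, uint64_t mmio_addr)
{
    uint64_t page = mmio_addr >> IOMMU_PAGE_SHIFT;
    if (page < w.offset || page - w.offset >= w.size)
        return -1;                          /* outside the window: nothing to reserve */
    return (int64_t)(page - w.offset);
}

/* A bit number is usable only if it lies inside the reservation bitmap. */
static int bit_in_map(struct ddw w, int64_t bit)
{
    return bit >= 0 && (uint64_t)bit < w.size;
}

int main(void)
{
    struct ddw w = { 0x0800000000000000ull >> IOMMU_PAGE_SHIFT, 0x4000000ull };
    uint64_t addrs[] = { 0x0800008080000000ull, 0x0800008000000000ull }; /* constructed */
    for (int k = 0; k < 2; k++) {
        int64_t b = bit_before(w, addrs[k]), a = bit_after(w, addrs[k]);
        printf("%#llx before=%lld (in map: %d) after=%lld (in map: %d)\n",
               (unsigned long long)addrs[k], (long long)b, bit_in_map(w, b),
               (long long)a, bit_in_map(w, a));
    }
    return 0;
}
```

The first sample address yields a negative bit number under the "before" arithmetic; the second yields bit 0, which is inside the bitmap but is the wrong page, so the MMIO page stays unreserved without any fault.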

Potential Impact

For European organizations utilizing IBM Power Systems running Linux on the pSeries platform, particularly those employing Power Hypervisor virtualization, this vulnerability poses a risk of system instability and denial of service. The kernel oops triggered by this flaw can cause unexpected crashes during boot or runtime, potentially leading to downtime of critical infrastructure. This is especially impactful for data centers, cloud providers, and enterprises relying on POWER9 hardware for high-performance computing, virtualization, or mission-critical workloads. The inability to correctly isolate MMIO ranges could also theoretically be leveraged in complex attack scenarios to disrupt system operations or compromise data integrity, although no direct exploitation is currently known. Given the specialized hardware and software environment, the impact is limited to organizations with this specific setup, but for those affected, the consequences include reduced availability, potential data loss from abrupt crashes, and increased operational costs due to troubleshooting and patching efforts.

Mitigation Recommendations

Organizations should prioritize updating their Linux kernel to a version that includes the patch resolving CVE-2024-57999. Since the vulnerability relates to low-level kernel memory management on PowerPC pSeries systems, applying vendor-supplied kernel updates or patches from trusted Linux distributions (e.g., SUSE Linux Enterprise Server for POWER) is critical. Additionally, administrators should audit their systems to confirm they are running supported kernel versions and verify that Power Hypervisor firmware is up to date to avoid compatibility issues. For environments where immediate patching is not feasible, consider isolating affected systems from untrusted networks and limiting access to reduce risk exposure. Monitoring system logs for kernel oops or related errors can help detect attempts to trigger the vulnerability. Finally, coordinate with hardware and software vendors to ensure comprehensive remediation and validate system stability post-patching.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-27T02:04:28.915Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9823c4522896dcbdec53

Added to database: 5/21/2025, 9:08:51 AM

Last enriched: 6/28/2025, 9:42:26 AM

Last updated: 7/31/2025, 11:38:46 AM
