CVE-2024-35957

5.5 MEDIUM

📋 TL;DR

A Linux kernel vulnerability in the Intel VT-d iommu driver causes a WARN_ON kernel warning and potential iommu probe failure when devices with duplicate source IDs are encountered. This affects systems using Intel VT-d hardware with the vulnerable kernel versions. The issue can prevent proper device initialization and cause system instability.

💻 Affected Systems

Products:
  • Linux kernel with Intel VT-d iommu driver
Versions: Kernel versions containing commit 1a75cc710b95 up to fixes in commits 89436f4f5412 and fba8ca3e6f60
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel VT-d hardware and iommu enabled. Requires devices with duplicate source IDs to trigger.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

System crash or failure to initialize devices, leading to denial of service and potential data loss if critical devices fail to probe.

🟠

Likely Case

Kernel warning messages and potential failure of iommu device probing, causing some PCI devices to not function properly.

🟢

If Mitigated

Minor performance impact from WARN_ON messages but system remains operational.

🌐 Internet-Facing: LOW - This is a local kernel driver issue not directly exploitable over network.
🏢 Internal Only: MEDIUM - Affects system stability and device initialization on vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

This is a reliability bug, not a security vulnerability with traditional exploitation. Triggering requires specific hardware configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel commits 89436f4f54125b1297aec1f466efd8acb4ec613d and fba8ca3e6f608b92e54271fdbd3ce569361939fc

Vendor Advisory: https://git.kernel.org/stable/c/89436f4f54125b1297aec1f466efd8acb4ec613d

Restart Required: Yes

Instructions:

1. Update to kernel version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable iommu for VT-d

linux

Add kernel boot parameter to disable Intel VT-d iommu

Add 'intel_iommu=off' to kernel boot parameters in GRUB configuration

Disable ATS capability

linux

Prevent devices from using PCI ATS features

Add 'pci=noats' to kernel boot parameters

🧯 If You Can't Patch

  • Avoid using systems with Intel VT-d hardware that triggers duplicate source IDs
  • Monitor kernel logs for WARN_ON messages and be prepared for potential device initialization failures

🔍 How to Verify

Check if Vulnerable:

Check the kernel version, and check whether dmesg shows WARN_ON messages related to intel_iommu_probe_device

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version includes the fix commits and that no WARN_ON messages appear during boot

📡 Detection & Monitoring

Log Indicators:

  • WARNING: CPU: ... at drivers/iommu/intel/iommu.c:158 intel_iommu_probe_device
  • Kernel splat with call trace showing intel_iommu_probe_device

Network Indicators:

  • None - local kernel issue

SIEM Query:

source="kernel" AND "intel_iommu_probe_device" AND "WARNING"
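
The log indicator above and the two boot-parameter workarounds can be checked in one pass. The script below is an added example, not code from the kernel project or from this advisory; its function names, sample log lines and sample command line are constructed, and accepting any line number after `iommu.c:` is an assumption.

```shell
#!/bin/sh
# Added example: names and sample data are constructed for illustration.

# Count WARN splats from intel_iommu_probe_device in kernel log text on stdin.
# Assumption: the number after "iommu.c:" can differ between builds, so any
# line number is accepted (the page shows :158).
count_probe_warnings() {
    grep -Ec 'WARNING: CPU: .* at drivers/iommu/intel/iommu\.c:[0-9]+ intel_iommu_probe_device' || true
}

# Succeed if command line $1 carries option $3 in the comma-separated value
# of parameter $2, e.g. "pci=nomsi,noats". Repeated parameters are not resolved.
has_boot_option() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -Eq "^$2=([^,]*,)*$3(,.*)?\$"
}

# Summarise a kernel log file ($1) and a kernel command line string ($2).
assess() {
    n=$(count_probe_warnings < "$1")
    iommu_off=no; noats=no
    if has_boot_option "$2" intel_iommu off; then iommu_off=yes; fi
    if has_boot_option "$2" pci noats; then noats=yes; fi
    echo "probe_warnings=$n intel_iommu_off=$iommu_off pci_noats=$noats"
}

# Constructed sample input, not captured from a real system.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
[    3.101201] DMAR: IOMMU enabled
[    3.412345] WARNING: CPU: 2 PID: 1 at drivers/iommu/intel/iommu.c:158 intel_iommu_probe_device+0x10/0x20
[    3.412400] Call Trace:
[    3.412410]  intel_iommu_probe_device+0x10/0x20
[    9.000000] WARNING: CPU: 0 PID: 77 at kernel/example.c:1 unrelated_function+0x1/0x2
EOF
SAMPLE_CMDLINE='root=/dev/sda1 ro quiet pci=nomsi,noats'

assess "$SAMPLE_LOG" "$SAMPLE_CMDLINE"
# Live host: dmesg > k.log && assess k.log "$(cat /proc/cmdline)"
```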
