CVE-2024-40945
📋 TL;DR
A Linux kernel vulnerability in the iommu_sva_bind_device() function could potentially cause a kernel NULL pointer dereference if the function returns NULL instead of an error pointer. This affects systems using IOMMU SVA features with specific drivers (idxd and uacce). The vulnerability requires local access and specific kernel configurations to be exploitable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially allowing local privilege escalation if combined with other vulnerabilities.
Likely Case
System crash or instability when using affected IOMMU SVA features with idxd or uacce drivers in specific configurations.
If Mitigated
No impact if CONFIG_IOMMU_SVA is not enabled or affected drivers are not used.
🎯 Exploit Status
Requires local access, specific kernel configuration, and use of affected drivers. Theoretical vulnerability that hasn't been observed in practice.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 2973b8e7d127754de9013177c41c0b5547406998, 61a96da9649a6b6a1a5d5bde9374b045fdb5c12e, 6325eab6c108fed27f60ff51852e3eac0ba23f3f, 700f564758882db7c039dfba9443fe762561a3f8, 7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6
Vendor Advisory: https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable IOMMU SVA support
linuxDisable CONFIG_IOMMU_SVA kernel configuration to prevent vulnerable code path
echo 'blacklist idxd' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist uacce' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Disable idxd and uacce drivers if not required for system functionality
- Ensure CONFIG_IOMMU_SVA is not enabled in kernel configuration
🔍 How to Verify
Check if Vulnerable:
Check if CONFIG_IOMMU_SVA is enabled: grep CONFIG_IOMMU_SVA /boot/config-$(uname -r) and check if idxd/uacce drivers are loaded: lsmod | grep -E 'idxd|uacce'Check Version:
uname -rVerify Fix Applied:
Check kernel version against patched commits from your distribution vendor and verify idxd/uacce drivers work without crashes📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors in kernel logs
- System crashes when using idxd or uacce drivers
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "oops") AND ("iommu" OR "sva" OR "idxd" OR "uacce")🔗 References
- https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998
- https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e
- https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f
- https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8
- https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6
- https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e
- https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e
- https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998
- https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e
- https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8
- https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6
- https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e
- https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
