CVE-2024-56669
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's Intel IOMMU driver (VT-d) can cause kernel crashes when cache tags aren't properly cleaned before disabling Address Translation Services (ATS). This affects systems using PCI passthrough with multiple Virtual Functions from different Physical Functions to a single user-space process via vfio-pci.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or corruption in active processes.
Likely Case
System crash when using specific vfio-pci configurations with multiple VFs from different PFs, resulting in denial of service.
If Mitigated
No impact if not using affected vfio-pci configurations or if patched.
🎯 Exploit Status
Exploitation requires triggering the specific code path through vfio-pci operations with multiple VFs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 1f2557e08a617a4b5e92a48a1a9a6f86621def18 and 9a0a72d3ed919ebe6491f527630998be053151d8
Vendor Advisory: https://git.kernel.org/stable/c/1f2557e08a617a4b5e92a48a1a9a6f86621def18
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check with your distribution for backported patches.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Avoid vulnerable vfio-pci configuration
Do not pass multiple Virtual Functions from different Physical Functions to a single user-space process via vfio-pci.
🧯 If You Can't Patch
- Avoid using vfio-pci with multiple VFs from different PFs to single processes
- Monitor systems for kernel crashes related to vfio_iommu_type1 or cache_tag_flush_range
🔍 How to Verify
Check if Vulnerable:
Check the running kernel version with uname -r, then check /sys/bus/pci/drivers/vfio-pci/ to see whether vfio-pci is in use with multiple VFs from different PFs.
Check Version:
uname -r
Verify Fix Applied:
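Verify that the kernel includes the fix commits. /proc/version_signature exists only on Ubuntu kernels and holds a version string rather than commit IDs, so the command below normally falls through to its changelog reminder; confirm the commits in your distribution's kernel changelog: grep -q '1f2557e08a617a4b5e92a48a1a9a6f86621def18\|9a0a72d3ed919ebe6491f527630998be053151d8' /proc/version_signature || echo 'Check kernel changelog'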
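The "Check if Vulnerable" step above, as an added example (not taken from the advisory or the kernel project): the script reads the vfio-pci driver directory in sysfs and groups the bound VFs by parent PF through each VF's physfn link. The function names and the sample PCI addresses are constructed for illustration, and the script reports only the precondition (VFs from more than one PF bound to vfio-pci), not which process holds them.

```shell
#!/bin/sh
# Added example: group the VFs bound to vfio-pci by parent PF, read from sysfs.

# Print "<PF BDF> <VF BDF>" for every SR-IOV VF bound to vfio-pci under root $1.
vfio_vf_parents() {
    root="${1:-/sys}"
    for dev in "$root"/bus/pci/drivers/vfio-pci/*:*; do
        # Only VFs carry a "physfn" symlink pointing at their Physical Function.
        [ -L "$dev/physfn" ] || continue
        pf=$(basename "$(readlink -f "$dev/physfn")")
        printf '%s %s\n' "$pf" "$(basename "$dev")"
    done
}

# Print the number of distinct PFs that have at least one VF bound to vfio-pci.
vfio_pf_count() {
    vfio_vf_parents "$1" | awk '!seen[$1]++ { n++ } END { print n + 0 }'
}

# Print the mapping and a verdict; return 1 when more than one PF is involved.
vfio_report() {
    vfio_vf_parents "$1" | sort
    count=$(vfio_pf_count "$1")
    if [ "$count" -gt 1 ]; then
        echo "REVIEW: VFs from $count different PFs are bound to vfio-pci"
        return 1
    fi
    echo "OK: VFs bound to vfio-pci come from $count PF(s)"
}

# Build a constructed (not real) sysfs layout: two PFs with one VF each.
make_sample_tree() {
    mkdir -p "$1/bus/pci/drivers/vfio-pci"
    for bus in 03 04; do
        pf_dir="$1/devices/0000:$bus:00.0"
        vf_dir="$1/devices/0000:$bus:10.0"
        mkdir -p "$pf_dir" "$vf_dir"
        ln -s "$pf_dir" "$vf_dir/physfn"
        ln -s "$vf_dir" "$1/bus/pci/drivers/vfio-pci/0000:$bus:10.0"
    done
}

# Demo on the constructed tree; on a real host run: vfio_report /sys
demo=$(mktemp -d)
make_sample_tree "$demo"
vfio_report "$demo" || true
rm -rf "$demo"
```

A REVIEW result means the host should be patched or have its VF assignments checked against the workaround above.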
📡 Detection & Monitoring
Log Indicators:
- Kernel NULL pointer dereference errors
- Oops messages mentioning cache_tag_flush_range
- vfio_iommu_type1 related crashes in dmesg
SIEM Query:
source="kernel" AND ("cache_tag_flush_range" OR "vfio_iommu_type1" OR "NULL pointer dereference")