Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2021-47140

Published: Mar 25, 2024 | Modified: Mar 25, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-47140
CWEhttps://cwe.mitre.org/data/definitions/.html

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: Clear DMA ops when switching domain

Since commit 08a27c1c3ecf (iommu: Add support to change default domain of an iommu group) a user can switch a device between IOMMU and direct DMA through sysfs. This doesnt work for AMD IOMMU at the moment because dev->dma_ops is not cleared when switching from a DMA to an identity IOMMU domain. The DMA layer thus attempts to use the dma-iommu ops on an identity domain, causing an oops:

echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/unbind

echo identity > /sys/bus/pci/devices/0000:00:05.0/iommu_group/type

echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/bind

… BUG: kernel NULL pointer dereference, address: 0000000000000028 … Call Trace: iommu_dma_alloc e1000e_setup_tx_resources e1000e_open

Since iommu_change_dev_def_domain() calls probe_finalize() again, clear the dma_ops there like Vt-d does.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use