CVE-2024-26709

Summary

CVE-2024-26709 is a vulnerability affecting the Linux kernel on PowerPC systems. The flaw is located in the iommu subsystem, specifically in the function spapr_tce_platform_iommu_attach_dev(). Due to a missing call to iommu_group_put() during platform domain attach, a refcount leak occurs, leading to a kernel bug and potential system instability. This issue can manifest during DLPAR remove operations and may cause the system to enter an unreliable state, as indicated by the error message and call trace provided. The patch resolves the vulnerability by adding the missing iommu_group_put() call.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.