CVE-2024-56668

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 27, 2024

Updated: Jan 6, 2025

CWE ID 476

CWE ID 401

Summary

CVE-2024-56668 is a Linux kernel vulnerability affecting the iommufd driver's iopt_map_common function. The issue arises due to a missed qi_batch allocation for nested parent domains, leading to a NULL pointer dereference at kernel address 0x0000000000000200. This defect can also cause a potential memory leak since the domain->qi_batch allocation lacks a lock. The vulnerability has been rectified by adding a helper for qi_batch allocation and utilizing it in both __cache_tag_assign_domain() and __cache_tag_assign_parent_domain(). The flaw can lead to a kernel panic and potentially allow unauthorized access or data manipulation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners