CVE-2024-27437 — Resource Injection in Linux
Severity
5.5MEDIUMNVD
OSV7.0
EPSS
0.0%
top 97.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 5
Latest updateOct 17
Description
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Disable auto-enable of exclusive INTx IRQ
Currently for devices requiring masking at the irqchip for INTx, ie.
devices without DisINTx support, the IRQ is enabled in request_irq()
and subsequently disabled as necessary to align with the masked status
flag. This presents a window where the interrupt could fire between
these events, resulting in the IRQ incrementing the disable depth twice.
This would be unrecoverable …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages7 packages
▶CVEListV5linux/linux89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 — 26389925d6c2126fb777821a0a983adca7ee6351+8
Also affects: Debian Linux 10.0
Patches
🔴Vulnerability Details
23OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities↗2024-09-23