CVE-2024-44994

iommu: Restore lost return in iommu_report_device_fault()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault() When iommu_report_device_fault gets called with a partial fault it is
supposed to collect the fault into the group and then return. Instead the return was accidently deleted which results in trying to
process the fault and an eventual crash. Deleting the return was a typo, put it back.

In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault() When iommu_report_device_fault gets called with a partial fault it is supposed to collect the fault into the group and then return. Instead the return was accidently deleted which results in trying to process the fault and an eventual crash. Deleting the return was a typo, put it back.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-21 CVE Reserved
2024-09-04 CVE Published
2025-05-04 CVE Updated
2025-07-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-703: Improper Check or Handling of Exceptional Conditions

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/3dfa64aecbafc288216b2790438d395add192c30	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/cc6bc2ab1663ec9353636416af22452b078510e9	2024-08-29
https://git.kernel.org/stable/c/fca5b78511e98bdff2cdd55c172b23200a7b3404	2024-08-02

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-44994	2024-12-11
https://bugzilla.redhat.com/show_bug.cgi?id=2309857	2024-12-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.9 < 6.10.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.10.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.9 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.11"		en		Affected