vulnerability
Ubuntu: (Multiple Advisories) (CVE-2024-27437): Linux kernel vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:L/AC:L/Au:M/C:N/I:N/A:C) | 04/05/2024 | 07/01/2024 | 03/31/2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Disable auto-enable of exclusive INTx IRQ
Currently for devices requiring masking at the irqchip for INTx, ie.
devices without DisINTx support, the IRQ is enabled in request_irq()
and subsequently disabled as necessary to align with the masked status
flag. This presents a window where the interrupt could fire between
these events, resulting in the IRQ incrementing the disable depth twice.
This would be unrecoverable for a user since the masked flag prevents
nested enables through vfio.
Instead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx
is never auto-enabled, then unmask as required.
Solution(s)
References
- CVE-2024-27437
- https://attackerkb.com/topics/CVE-2024-27437
- UBUNTU-USN-6816-1
- UBUNTU-USN-6817-1
- UBUNTU-USN-6817-2
- UBUNTU-USN-6817-3
- UBUNTU-USN-6878-1
- UBUNTU-USN-6896-1
- UBUNTU-USN-6896-2
- UBUNTU-USN-6896-3
- UBUNTU-USN-6896-4
- UBUNTU-USN-6896-5
- UBUNTU-USN-6898-1
- UBUNTU-USN-6898-2
- UBUNTU-USN-6898-3
- UBUNTU-USN-6898-4
- UBUNTU-USN-6917-1
- UBUNTU-USN-6919-1
- UBUNTU-USN-6927-1
- UBUNTU-USN-7019-1
- UBUNTU-USN-7028-1
- UBUNTU-USN-7028-2
- UBUNTU-USN-7039-1

Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.