In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Disable auto-enable of exclusive INTx IRQ
Currently for devices requiring masking at the irqchip for INTx, ie.
devices without DisINTx support, the IRQ is enabled in request_irq()
and subsequently disabled as necessary to align with the masked status
flag. This presents a window where the interrupt could fire between
these events, resulting in the IRQ incrementing the disable depth twice.
This would be unrecoverable for a user since the masked flag prevents
nested enables through vfio.
Instead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx
is never auto-enabled, then unmask as required.
vfio/pci: Disable auto-enable of exclusive INTx IRQ
Currently for devices requiring masking at the irqchip for INTx, ie.
devices without DisINTx support, the IRQ is enabled in request_irq()
and subsequently disabled as necessary to align with the masked status
flag. This presents a window where the interrupt could fire between
these events, resulting in the IRQ incrementing the disable depth twice.
This would be unrecoverable for a user since the masked flag prevents
nested enables through vfio.
Instead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx
is never auto-enabled, then unmask as required.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-3842-1 | linux-5.10 security update |
![]() |
DSA-5658-1 | linux security update |
![]() |
DSA-5681-1 | linux security update |
![]() |
USN-6816-1 | Linux kernel vulnerabilities |
![]() |
USN-6817-1 | Linux kernel vulnerabilities |
![]() |
USN-6817-2 | Linux kernel (OEM) vulnerabilities |
![]() |
USN-6817-3 | Linux kernel vulnerabilities |
![]() |
USN-6878-1 | Linux kernel (Oracle) vulnerabilities |
![]() |
USN-6896-1 | Linux kernel vulnerabilities |
![]() |
USN-6896-2 | Linux kernel vulnerabilities |
![]() |
USN-6896-3 | Linux kernel vulnerabilities |
![]() |
USN-6896-4 | Linux kernel vulnerabilities |
![]() |
USN-6896-5 | Linux kernel vulnerabilities |
![]() |
USN-6898-1 | Linux kernel vulnerabilities |
![]() |
USN-6898-2 | Linux kernel vulnerabilities |
![]() |
USN-6898-3 | Linux kernel kernel vulnerabilities |
![]() |
USN-6898-4 | Linux kernel vulnerabilities |
![]() |
USN-6917-1 | Linux kernel vulnerabilities |
![]() |
USN-6919-1 | Linux kernel vulnerabilities |
![]() |
USN-6927-1 | Linux kernel vulnerabilities |
![]() |
USN-7019-1 | Linux kernel vulnerabilities |
![]() |
USN-7028-1 | Linux kernel vulnerabilities |
![]() |
USN-7028-2 | Linux kernel (Azure) vulnerabilities |
![]() |
USN-7039-1 | Linux kernel vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 27 Mar 2025 22:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Debian
Debian debian Linux Linux Linux linux Kernel |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Debian
Debian debian Linux Linux Linux linux Kernel |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 13 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
Tue, 05 Nov 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|

Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2025-05-04T09:05:06.189Z
Reserved: 2024-02-25T13:47:42.687Z
Link: CVE-2024-27437

Updated: 2024-06-06T19:03:22.219Z

Status : Analyzed
Published: 2024-04-05T09:15:09.443
Modified: 2025-03-27T21:37:24.097
Link: CVE-2024-27437


No data.