Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-pxrz-q3ep-wyc4
Vulnerability ID VCID-pxrz-q3ep-wyc4
Aliases CVE-2024-27079
Summary In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is called. It leads to the following crash in the crash kernel: BUG: kernel NULL pointer dereference, address: 000000000000003c ... RIP: 0010:do_raw_spin_lock+0xa/0xa0 ... _raw_spin_lock_irqsave+0x1b/0x30 intel_iommu_release_device+0x96/0x170 iommu_deinit_device+0x39/0xf0 __iommu_group_remove_device+0xa0/0xd0 iommu_bus_notifier+0x55/0xb0 notifier_call_chain+0x5a/0xd0 blocking_notifier_call_chain+0x41/0x60 bus_notify+0x34/0x50 device_del+0x269/0x3d0 pci_remove_bus_device+0x77/0x100 p2sb_bar+0xae/0x1d0 ... i801_probe+0x423/0x740 Use the release_domain mechanism to fix it. The scalable mode context entry which is not part of release domain should be cleared in release_device().
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27079.json
epss 8e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-27079
epss 8e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-27079
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f
ssvc Track https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27079.json
https://api.first.org/data/v1/epss?cve=CVE-2024-27079
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2278492 https://bugzilla.redhat.com/show_bug.cgi?id=2278492
333fe86968482ca701c609af590003bcea450e8f https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f
81e921fd321614c2ad8ac333b041aae1da7a1c6d https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d
RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315
USN-6816-1 https://usn.ubuntu.com/6816-1/
USN-6817-1 https://usn.ubuntu.com/6817-1/
USN-6817-2 https://usn.ubuntu.com/6817-2/
USN-6817-3 https://usn.ubuntu.com/6817-3/
USN-6878-1 https://usn.ubuntu.com/6878-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27079.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T17:45:27Z/ Found at https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T17:45:27Z/ Found at https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d
Exploit Prediction Scoring System (EPSS)
Percentile 0.0078
EPSS Score 8e-05
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:50:18.439457+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0