CVE-2024-47719: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47719 affects the Linux kernel's IOMMUFD subsystem, specifically related to IOVA (I/O Virtual Address) allocation. The vulnerability was discovered and disclosed in October 2024, affecting Linux kernel versions from 6.2 up to (excluding) 6.6.54, from 6.7 up to (excluding) 6.10.13, and from 6.11 up to (excluding) 6.11.2 (NVD).

The vulnerability occurs in the IOMMUFD subsystem where userspace can supply an IOVA and uptr such that the target IOVA alignment becomes extremely large, causing an overflow in the ALIGN() function. This overflow corrupts the selected area range during allocation. The issue manifests in the iopt_alloc_area_pages function within drivers/iommu/iommufd/io_pagetable.c. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When successfully exploited, this vulnerability can lead to memory corruption through overflow of the ALIGN() function. The overflow can corrupt the selected area range during IOVA allocation, potentially allowing an attacker to compromise system security. The high CVSS score indicates potential for significant impact on system confidentiality, integrity, and availability (NVD).

The vulnerability has been patched by capping the automatic alignment to the huge page size. The fix involves adding checks to prevent ALIGN() overflow and implementing a maximum alignment limit. The patch has been applied to multiple kernel versions and is available through distribution updates. Users should update their Linux kernel to versions 6.6.54, 6.10.13, or 6.11.2 or later to receive the fix (Ubuntu Security Notice).