cve/2024/CVE-2024-56568.md

### [CVE-2024-56568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56568)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=021bb8420d44cf56102d44fca9af628625e75482%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:iommu/arm-smmu: Defer probe of clients after smmu device boundNull pointer dereference occurs due to a race between smmudriver probe and client driver probe, when of_dma_configure()for client is called after the iommu_device_register() for smmu driverprobe has executed but before the driver_bound() for smmu driverhas been called.Following is how the race occurs:T1:Smmu device probe		T2: Client device probereally_probe()arm_smmu_device_probe()iommu_device_register()					really_probe()					platform_dma_configure()					of_dma_configure()					of_dma_configure_id()					of_iommu_configure()					iommu_probe_device()					iommu_init_device()					arm_smmu_probe_device()					arm_smmu_get_by_fwnode()						driver_find_device_by_fwnode()						driver_find_device()						next_device()						klist_next()						    /* null ptr						       assigned to smmu */					/* null ptr dereference					   while smmu->streamid_mask */driver_bound()	klist_add_tail()When this null smmu pointer is dereferenced later inarm_smmu_probe_device, the device crashes.Fix this by deferring the probe of the client deviceuntil the smmu device has bound to the arm smmu driver.[will: Add comment]

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/cku-heise/euvd-api-doc
- https://github.com/w4zu/Debian_security