{"api_version":"1","generated_at":"2026-05-12T18:11:33+00:00","cve":"CVE-2024-26891","urls":{"html":"https://cve.report/CVE-2024-26891","api":"https://cve.report/api/cve/CVE-2024-26891.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-26891","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-26891"},"summary":{"title":"iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected","description":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Don't issue ATS Invalidation request when device is disconnected\n\nFor those endpoint devices connect to system via hotplug capable ports,\nusers could request a hot reset to the device by flapping device's link\nthrough setting the slot's link control register, as pciehp_ist() DLLSC\ninterrupt sequence response, pciehp will unload the device driver and\nthen power it off. thus cause an IOMMU device-TLB invalidation (Intel\nVT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence\ntarget device to be sent and deadly loop to retry that request after ITE\nfault triggered in interrupt context.\n\nThat would cause following continuous hard lockup warning and system hang\n\n[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down\n[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present\n[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144\n[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n         OE    kernel version xxxx\n[ 4223.822623] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490\n[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b\n 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 <40> f6 c6 1\n0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39\n[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093\n[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005\n[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340\n[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000\n[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200\n[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004\n[ 4223.822626] FS:  0000000000000000(0000) GS:ffffa237ae400000(0000)\nknlGS:0000000000000000\n[ 4223.822627] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0\n[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 4223.822628] PKRU: 55555554\n[ 4223.822628] Call Trace:\n[ 4223.822628]  qi_flush_dev_iotlb+0xb1/0xd0\n[ 4223.822628]  __dmar_remove_one_dev_info+0x224/0x250\n[ 4223.822629]  dmar_remove_one_dev_info+0x3e/0x50\n[ 4223.822629]  intel_iommu_release_device+0x1f/0x30\n[ 4223.822629]  iommu_release_device+0x33/0x60\n[ 4223.822629]  iommu_bus_notifier+0x7f/0x90\n[ 4223.822630]  blocking_notifier_call_chain+0x60/0x90\n[ 4223.822630]  device_del+0x2e5/0x420\n[ 4223.822630]  pci_remove_bus_device+0x70/0x110\n[ 4223.822630]  pciehp_unconfigure_device+0x7c/0x130\n[ 4223.822631]  pciehp_disable_slot+0x6b/0x100\n[ 4223.822631]  pciehp_handle_presence_or_link_change+0xd8/0x320\n[ 4223.822631]  pciehp_ist+0x176/0x180\n[ 4223.822631]  ? irq_finalize_oneshot.part.50+0x110/0x110\n[ 4223.822632]  irq_thread_fn+0x19/0x50\n[ 4223.822632]  irq_thread+0x104/0x190\n[ 4223.822632]  ? irq_forced_thread_fn+0x90/0x90\n[ 4223.822632]  ? irq_thread_check_affinity+0xe0/0xe0\n[ 4223.822633]  kthread+0x114/0x130\n[ 4223.822633]  ? __kthread_cancel_work+0x40/0x40\n[ 4223.822633]  ret_from_fork+0x1f/0x30\n[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP\n[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n         OE     kernel version xxxx\n[ 4223.822634] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822634] Call Trace:\n[ 4223.822634]  <NMI>\n[ 4223.822635]  dump_stack+0x6d/0x88\n[ 4223.822635]  panic+0x101/0x2d0\n[ 4223.822635]  ? ret_from_fork+0x11/0x30\n[ 4223.822635]  nmi_panic.cold.14+0xc/0xc\n[ 4223.822636]  watchdog_overflow_callback.cold.8+0x6d/0x81\n[ 4223.822636]  __perf_event_overflow+0x4f/0xf0\n[ 4223.822636]  handle_pmi_common\n---truncated---","state":"PUBLISHED","assigner":"Linux","published_at":"2024-04-17 11:15:10","updated_at":"2026-05-12 12:16:24"},"problem_types":["NVD-CWE-Other"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85","name":"https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf","name":"https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","name":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05","name":"https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868","name":"https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554","name":"https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b","name":"https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062","name":"https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-26891","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26891","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6f7db75e1c469057fe7588ed959328ead771ccc7 f873b85ec762c5a6abe94a7ddb31df5d3ba07d85 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6f7db75e1c469057fe7588ed959328ead771ccc7 d70f1c85113cd8c2aa8373f491ca5d1b22ec0554 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6f7db75e1c469057fe7588ed959328ead771ccc7 34a7b30f56d30114bf4d436e4dc793afe326fbcf git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6f7db75e1c469057fe7588ed959328ead771ccc7 2b74b2a92e524d7c8dec8e02e95ecf18b667c062 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6f7db75e1c469057fe7588ed959328ead771ccc7 c04f2780919f20e2cc4846764221f5e802555868 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6f7db75e1c469057fe7588ed959328ead771ccc7 025bc6b41e020aeb1e71f84ae3ffce945026de05 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6f7db75e1c469057fe7588ed959328ead771ccc7 4fc82cd907ac075648789cc3a00877778aa1838b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.0","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.0 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.214 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.153 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.83 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.23 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.7.11 6.7.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.8.2 6.8.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.9 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","version":"affected * custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"26891","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-26891","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-06-17T17:41:17.252617Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-06-17T17:47:46.218Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-08-02T00:21:05.551Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b"},{"tags":["x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}],"title":"CVE Program Container"},{"affected":[{"defaultStatus":"unknown","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T11:50:12.585Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/iommu/intel/pasid.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"f873b85ec762c5a6abe94a7ddb31df5d3ba07d85","status":"affected","version":"6f7db75e1c469057fe7588ed959328ead771ccc7","versionType":"git"},{"lessThan":"d70f1c85113cd8c2aa8373f491ca5d1b22ec0554","status":"affected","version":"6f7db75e1c469057fe7588ed959328ead771ccc7","versionType":"git"},{"lessThan":"34a7b30f56d30114bf4d436e4dc793afe326fbcf","status":"affected","version":"6f7db75e1c469057fe7588ed959328ead771ccc7","versionType":"git"},{"lessThan":"2b74b2a92e524d7c8dec8e02e95ecf18b667c062","status":"affected","version":"6f7db75e1c469057fe7588ed959328ead771ccc7","versionType":"git"},{"lessThan":"c04f2780919f20e2cc4846764221f5e802555868","status":"affected","version":"6f7db75e1c469057fe7588ed959328ead771ccc7","versionType":"git"},{"lessThan":"025bc6b41e020aeb1e71f84ae3ffce945026de05","status":"affected","version":"6f7db75e1c469057fe7588ed959328ead771ccc7","versionType":"git"},{"lessThan":"4fc82cd907ac075648789cc3a00877778aa1838b","status":"affected","version":"6f7db75e1c469057fe7588ed959328ead771ccc7","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/iommu/intel/pasid.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"5.0"},{"lessThan":"5.0","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.214","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.153","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.83","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.23","versionType":"semver"},{"lessThanOrEqual":"6.7.*","status":"unaffected","version":"6.7.11","versionType":"semver"},{"lessThanOrEqual":"6.8.*","status":"unaffected","version":"6.8.2","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.9","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.214","versionStartIncluding":"5.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.153","versionStartIncluding":"5.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.83","versionStartIncluding":"5.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.23","versionStartIncluding":"5.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.7.11","versionStartIncluding":"5.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.8.2","versionStartIncluding":"5.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9","versionStartIncluding":"5.0","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Don't issue ATS Invalidation request when device is disconnected\n\nFor those endpoint devices connect to system via hotplug capable ports,\nusers could request a hot reset to the device by flapping device's link\nthrough setting the slot's link control register, as pciehp_ist() DLLSC\ninterrupt sequence response, pciehp will unload the device driver and\nthen power it off. thus cause an IOMMU device-TLB invalidation (Intel\nVT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence\ntarget device to be sent and deadly loop to retry that request after ITE\nfault triggered in interrupt context.\n\nThat would cause following continuous hard lockup warning and system hang\n\n[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down\n[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present\n[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144\n[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n         OE    kernel version xxxx\n[ 4223.822623] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490\n[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b\n 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 <40> f6 c6 1\n0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39\n[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093\n[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005\n[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340\n[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000\n[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200\n[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004\n[ 4223.822626] FS:  0000000000000000(0000) GS:ffffa237ae400000(0000)\nknlGS:0000000000000000\n[ 4223.822627] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0\n[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 4223.822628] PKRU: 55555554\n[ 4223.822628] Call Trace:\n[ 4223.822628]  qi_flush_dev_iotlb+0xb1/0xd0\n[ 4223.822628]  __dmar_remove_one_dev_info+0x224/0x250\n[ 4223.822629]  dmar_remove_one_dev_info+0x3e/0x50\n[ 4223.822629]  intel_iommu_release_device+0x1f/0x30\n[ 4223.822629]  iommu_release_device+0x33/0x60\n[ 4223.822629]  iommu_bus_notifier+0x7f/0x90\n[ 4223.822630]  blocking_notifier_call_chain+0x60/0x90\n[ 4223.822630]  device_del+0x2e5/0x420\n[ 4223.822630]  pci_remove_bus_device+0x70/0x110\n[ 4223.822630]  pciehp_unconfigure_device+0x7c/0x130\n[ 4223.822631]  pciehp_disable_slot+0x6b/0x100\n[ 4223.822631]  pciehp_handle_presence_or_link_change+0xd8/0x320\n[ 4223.822631]  pciehp_ist+0x176/0x180\n[ 4223.822631]  ? irq_finalize_oneshot.part.50+0x110/0x110\n[ 4223.822632]  irq_thread_fn+0x19/0x50\n[ 4223.822632]  irq_thread+0x104/0x190\n[ 4223.822632]  ? irq_forced_thread_fn+0x90/0x90\n[ 4223.822632]  ? irq_thread_check_affinity+0xe0/0xe0\n[ 4223.822633]  kthread+0x114/0x130\n[ 4223.822633]  ? __kthread_cancel_work+0x40/0x40\n[ 4223.822633]  ret_from_fork+0x1f/0x30\n[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP\n[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n         OE     kernel version xxxx\n[ 4223.822634] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822634] Call Trace:\n[ 4223.822634]  <NMI>\n[ 4223.822635]  dump_stack+0x6d/0x88\n[ 4223.822635]  panic+0x101/0x2d0\n[ 4223.822635]  ? ret_from_fork+0x11/0x30\n[ 4223.822635]  nmi_panic.cold.14+0xc/0xc\n[ 4223.822636]  watchdog_overflow_callback.cold.8+0x6d/0x81\n[ 4223.822636]  __perf_event_overflow+0x4f/0xf0\n[ 4223.822636]  handle_pmi_common\n---truncated---"}],"providerMetadata":{"dateUpdated":"2026-05-11T20:06:21.150Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85"},{"url":"https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554"},{"url":"https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf"},{"url":"https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062"},{"url":"https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868"},{"url":"https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05"},{"url":"https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b"}],"title":"iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2024-26891","datePublished":"2024-04-17T10:27:44.061Z","dateReserved":"2024-02-19T14:20:24.186Z","dateUpdated":"2026-05-12T11:50:12.585Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-04-17 11:15:10","lastModifiedDate":"2026-05-12 12:16:24","problem_types":["NVD-CWE-Other"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.214","matchCriteriaId":"A88E3220-EE99-4C28-945D-539C06DB0359"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.153","matchCriteriaId":"ACB69438-845D-4E3C-B114-3140611F9C0B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.83","matchCriteriaId":"121A07F6-F505-4C47-86BF-9BB6CC7B6C19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.23","matchCriteriaId":"E00814DC-0BA7-431A-9926-80FEB4A96C68"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.7.11","matchCriteriaId":"9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.8.2","matchCriteriaId":"543A75FF-25B8-4046-A514-1EA8EDD87AB1"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"26891","Ordinal":"1","Title":"iommu/vt-d: Don't issue ATS Invalidation request when device is ","CVE":"CVE-2024-26891","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"26891","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Don't issue ATS Invalidation request when device is disconnected\n\nFor those endpoint devices connect to system via hotplug capable ports,\nusers could request a hot reset to the device by flapping device's link\nthrough setting the slot's link control register, as pciehp_ist() DLLSC\ninterrupt sequence response, pciehp will unload the device driver and\nthen power it off. thus cause an IOMMU device-TLB invalidation (Intel\nVT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence\ntarget device to be sent and deadly loop to retry that request after ITE\nfault triggered in interrupt context.\n\nThat would cause following continuous hard lockup warning and system hang\n\n[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down\n[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present\n[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144\n[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n         OE    kernel version xxxx\n[ 4223.822623] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490\n[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b\n 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 <40> f6 c6 1\n0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39\n[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093\n[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005\n[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340\n[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000\n[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200\n[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004\n[ 4223.822626] FS:  0000000000000000(0000) GS:ffffa237ae400000(0000)\nknlGS:0000000000000000\n[ 4223.822627] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0\n[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 4223.822628] PKRU: 55555554\n[ 4223.822628] Call Trace:\n[ 4223.822628]  qi_flush_dev_iotlb+0xb1/0xd0\n[ 4223.822628]  __dmar_remove_one_dev_info+0x224/0x250\n[ 4223.822629]  dmar_remove_one_dev_info+0x3e/0x50\n[ 4223.822629]  intel_iommu_release_device+0x1f/0x30\n[ 4223.822629]  iommu_release_device+0x33/0x60\n[ 4223.822629]  iommu_bus_notifier+0x7f/0x90\n[ 4223.822630]  blocking_notifier_call_chain+0x60/0x90\n[ 4223.822630]  device_del+0x2e5/0x420\n[ 4223.822630]  pci_remove_bus_device+0x70/0x110\n[ 4223.822630]  pciehp_unconfigure_device+0x7c/0x130\n[ 4223.822631]  pciehp_disable_slot+0x6b/0x100\n[ 4223.822631]  pciehp_handle_presence_or_link_change+0xd8/0x320\n[ 4223.822631]  pciehp_ist+0x176/0x180\n[ 4223.822631]  ? irq_finalize_oneshot.part.50+0x110/0x110\n[ 4223.822632]  irq_thread_fn+0x19/0x50\n[ 4223.822632]  irq_thread+0x104/0x190\n[ 4223.822632]  ? irq_forced_thread_fn+0x90/0x90\n[ 4223.822632]  ? irq_thread_check_affinity+0xe0/0xe0\n[ 4223.822633]  kthread+0x114/0x130\n[ 4223.822633]  ? __kthread_cancel_work+0x40/0x40\n[ 4223.822633]  ret_from_fork+0x1f/0x30\n[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP\n[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n         OE     kernel version xxxx\n[ 4223.822634] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822634] Call Trace:\n[ 4223.822634]  <NMI>\n[ 4223.822635]  dump_stack+0x6d/0x88\n[ 4223.822635]  panic+0x101/0x2d0\n[ 4223.822635]  ? ret_from_fork+0x11/0x30\n[ 4223.822635]  nmi_panic.cold.14+0xc/0xc\n[ 4223.822636]  watchdog_overflow_callback.cold.8+0x6d/0x81\n[ 4223.822636]  __perf_event_overflow+0x4f/0xf0\n[ 4223.822636]  handle_pmi_common\n---truncated---","Type":"Description","Title":"iommu/vt-d: Don't issue ATS Invalidation request when device is "}]}}}