Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2024-56760— PCI/MSI: Handle lack of irqdomain gracefully

AI Predicted 5.3 Difficulty: Easy EPSS 0.20% · P10

Possible ATT&CK Techniques 1AI

T1211 · Exploitation for Stealth

Affected Version Matrix 8

VendorProductVersion RangeStatus
LinuxLinuxd2a463b297415ca6dd4d60bb1c867dd7c931587b< b1f7476e07b93d65a1a3643dcb4a7bed80d4328daffected
d2a463b297415ca6dd4d60bb1c867dd7c931587b< aed157301c659a48f5564cc4568cf0e5c8831af0affected
d2a463b297415ca6dd4d60bb1c867dd7c931587b< a60b990798eb17433d0283788280422b1bd94b18affected
6.2affected
< 6.2unaffected
6.6.69≤ 6.6.*unaffected
6.12.8≤ 6.12.*unaffected
6.13≤ *unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-56760

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
PCI/MSI: Handle lack of irqdomain gracefully
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement the legacy fallback. The warning triggers from the legacy fallback stub. That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent domain is associated with the device or not. There is a check for MSI-X, which has a legacy assumption. But that legacy fallback assumption is only valid when legacy support is enabled, but otherwise the check should simply return -ENOTSUPP. Loongarch tripped over the same problem and blindly enabled legacy support without implementing the legacy fallbacks. There are weak implementations which return an error, so the problem was papered over. Correct pci_msi_domain_supports() to evaluate the legacy mode and add the missing supported check into the MSI enable path to complete it.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于在PCI/MSI模块中,当在不支持PCI/MSI的RISC-V平台上使用时,pci_msi_setup_msi_irqs函数会触发警告,因为该平台没有实现PCI/MSI父域的关联检查,导致内核产生不必要的警告信息,影响内核的稳定性和正确性。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux d2a463b297415ca6dd4d60bb1c867dd7c931587b ~ b1f7476e07b93d65a1a3643dcb4a7bed80d4328d -
LinuxLinux 6.2 -

II. Public POCs for CVE-2024-56760

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-56760

登录查看更多情报信息。

Patches & Fixes for CVE-2024-56760 (3)

Same Patch Batch · Linux · 2025-01-06 · 12 CVEs total

CVE-2024-56757Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
CVE-2024-56758btrfs: check folio mapping after unlock in relocate_one_folio()
CVE-2024-56759btrfs: fix use-after-free when COWing tree bock and tracing is enabled
CVE-2024-56761x86/fred: Clear WFE in missing-ENDBRANCH #CPs
CVE-2024-56763tracing: Prevent bad count for tracing_cpumask_write
CVE-2024-56764ublk: detach gendisk from ublk device if add_disk() fails
CVE-2024-56765powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
CVE-2024-56767dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
CVE-2024-56766mtd: rawnand: fix double free in atmel_pmecc_create_user()
CVE-2024-56768bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP
CVE-2024-56769media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg

IV. Related Vulnerabilities

V. Comments for CVE-2024-56760

No comments yet


Leave a comment