CVE-2024-56760

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 6, 2025
Updated: Jan 7, 2025

Summary

CVE-2024-56760 is a vulnerability affecting the Linux kernel's PCI/MSI (Message Signaled Interrupts) subsystem. During the setup process, a warning message was observed on certain platforms, such as RISCV, that do not support PCI/MSI. The warning message was spurious and resulted from a legacy fallback assumption in the Linux kernel. This assumption, which checks for MSI-X support and assumes legacy behavior if it's not present, is actually only valid when legacy support is enabled. However, some implementations, like Loongarch, enabled legacy support without implementing the necessary fallbacks, leading to incorrect error handling. To address this issue, developers must modify `pci_msi_domain_supports()` to evaluate the legacy mode and add the missing supported check in the MSI enable path.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share