CVE-2024-56760
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-56760 is a vulnerability affecting the Linux kernel's PCI/MSI (Message Signaled Interrupts) subsystem. During the setup process, a warning message was observed on certain platforms, such as RISCV, that do not support PCI/MSI. The warning message was spurious and resulted from a legacy fallback assumption in the Linux kernel. This assumption, which checks for MSI-X support and assumes legacy behavior if it's not present, is actually only valid when legacy support is enabled. However, some implementations, like Loongarch, enabled legacy support without implementing the necessary fallbacks, leading to incorrect error handling. To address this issue, developers must modify `pci_msi_domain_supports()` to evaluate the legacy mode and add the missing supported check in the MSI enable path.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX