medium
5.5
Advisory Published
Updated

CVE-2024-56760: PCI/MSI: Handle lack of irqdomain gracefully

First published: Mon Jan 06 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement the legacy fallback. The warning triggers from the legacy fallback stub. That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent domain is associated with the device or not. There is a check for MSI-X, which has a legacy assumption. But that legacy fallback assumption is only valid when legacy support is enabled, but otherwise the check should simply return -ENOTSUPP. Loongarch tripped over the same problem and blindly enabled legacy support without implementing the legacy fallbacks. There are weak implementations which return an error, so the problem was papered over. Correct pci_msi_domain_supports() to evaluate the legacy mode and add the missing supported check into the MSI enable path to complete it.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=6.2<6.6.69
Linux Kernel>=6.7<6.12.8
Linux Kernel=6.13-rc1
Linux Kernel=6.13-rc2
Linux Kernel=6.13-rc3
Linux Kernel=6.13-rc4
debian/linux
5.10.223-1
5.10.234-1
6.1.129-1
6.1.128-1
6.12.20-1
6.12.21-1

Remedy

https://git.kernel.org/stable/c/a60b990798eb17433d0283788280422b1bd94b18

Remedy

https://git.kernel.org/stable/c/aed157301c659a48f5564cc4568cf0e5c8831af0

Remedy

https://git.kernel.org/stable/c/b1f7476e07b93d65a1a3643dcb4a7bed80d4328d

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-56760?

    CVE-2024-56760 has not been assigned a common vulnerability scoring system (CVSS) score, but it has been noted to cause warnings in specific environments.

  • How does CVE-2024-56760 affect the Linux kernel?

    CVE-2024-56760 affects the Linux kernel by causing warnings related to PCI/MSI support on RISCV platforms.

  • What versions of the Linux kernel are impacted by CVE-2024-56760?

    CVE-2024-56760 affects Linux kernel versions from 6.2 up to 6.6.69, as well as certain release candidates like 6.13-rc1 to 6.13-rc4.

  • How can I mitigate the issues caused by CVE-2024-56760?

    Mitigation for CVE-2024-56760 involves upgrading the Linux kernel to a version where this issue has been resolved.

  • Is there a patch available for CVE-2024-56760?

    Yes, the maintainers of the Linux kernel have released patches to address the CVE-2024-56760 vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203