CVE-2024-40963

mips: bmips: BCM6358: make sure CBR is correctly set

Severity Score

7.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: make sure CBR is correctly set It was discovered that some device have CBR address set to 0 causing
kernel panic when arch_sync_dma_for_cpu_all is called. This was notice in situation where the system is booted from TP1 and
BMIPS_GET_CBR() returns 0 instead of a valid address and
!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing. The current check whether RAC flush should be disabled or not are not
enough hence lets check if CBR is a valid address or not.

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: make sure CBR is correctly set It was discovered that some device have CBR address set to 0 causing kernel panic when arch_sync_dma_for_cpu_all is called. This was notice in situation where the system is booted from TP1 and BMIPS_GET_CBR() returns 0 instead of a valid address and !!(read_c0_brcm_cmt_local() & (1 << 31)); not failing. The current check whether RAC flush should be disabled or not are not enough hence lets check if CBR is a valid address or not.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-12 CVE Reserved
2024-07-12 CVE Published
2024-12-19 CVE Updated
2025-03-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/d65de5ee8b72868fbbbd39ca73017d0e526fa13a	Vuln. Introduced
https://git.kernel.org/stable/c/47a449ec09b4479b89dcc6b27ec3829fc82ffafb	Vuln. Introduced
https://git.kernel.org/stable/c/65b723644294f1d79770704162c0e8d1f700b6f1	Vuln. Introduced
https://git.kernel.org/stable/c/2cdbcff99f15db86a10672fb220379a1ae46ccae	Vuln. Introduced
https://git.kernel.org/stable/c/ab327f8acdf8d06601fbf058859a539a9422afff	Vuln. Introduced
https://git.kernel.org/stable/c/288c96aa5b5526cd4a946e84ef85e165857693b5	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373	2024-07-05
https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d	2024-07-05
https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27	2024-07-05
https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085	2024-06-27
https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52	2024-06-27
https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b	2024-06-27
https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf	2024-06-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.240 < 5.4.279 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.240 < 5.4.279"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.177 < 5.10.221 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.177 < 5.10.221"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.106 < 5.15.162 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.106 < 5.15.162"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.23 < 6.1.96 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.23 < 6.1.96"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.6.36 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.6.36"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.9.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.9.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.2.10 Search vendor "Linux" for product "Linux Kernel" and version "6.2.10"		en		Affected