CVE-2024-56724

mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device While design wise the idea of converting the driver to use
the hierarchy of the IRQ chips is correct, the implementation
has (inherited) flaws. This was unveiled when platform_get_irq()
had started WARN() on IRQ 0 that is supposed to be a Linux
IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD
device separately, as the domain is not the same for all of them.

In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not the same for all of them.

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-27 CVE Reserved
2024-12-29 CVE Published
2025-01-20 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/957ae5098185e763b5c06be6c3b4b6e98c048712	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b7c7c400de85d915e0da7c2c363553a801c47349	2024-12-14
https://git.kernel.org/stable/c/c472b55cc0bc3df805db6a14f50a084884cf18ee	2024-12-14
https://git.kernel.org/stable/c/da498e02c92e6d82df8001438dd583b90c570815	2024-12-14
https://git.kernel.org/stable/c/56acf415772ee7e10e448b371f52b249aa2d0f7b	2024-12-14
https://git.kernel.org/stable/c/1b734ad0e33648c3988c6a37c2ac16c2d63eda06	2024-12-09
https://git.kernel.org/stable/c/2310f5336f32eac9ada2d59b965d578efe25c4bf	2024-12-05
https://git.kernel.org/stable/c/5bc6d0da4a32fe34a9960de577e0b7de3454de0c	2024-12-05
https://git.kernel.org/stable/c/9b79d59e6b2b515eb9a22bc469ef7b8f0904fc73	2024-10-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.4.287 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.4.287"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.10.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.10.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.6.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.6.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.11.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.11.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.12.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.12.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.13"		en		Affected