CVE-2024-56760

PCI/MSI: Handle lack of irqdomain gracefully

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a
RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement
the legacy fallback. The warning triggers from the legacy fallback stub. That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent
domain is associated with the device or not. There is a check for MSI-X,
which has a legacy assumption. But that legacy fallback assumption is only
valid when legacy support is enabled, but otherwise the check should simply
return -ENOTSUPP. Loongarch tripped over the same problem and blindly enabled legacy support
without implementing the legacy fallbacks. There are weak implementations
which return an error, so the problem was papered over. Correct pci_msi_domain_supports() to evaluate the legacy mode and add
the missing supported check into the MSI enable path to complete it.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/MSI: gestionar la falta de irqdomain con gracia Alexandre observó una advertencia emitida desde pci_msi_setup_msi_irqs() en una plataforma RISCV que no proporciona compatibilidad con PCI/MSI: ADVERTENCIA: CPU: 1 PID: 1 en drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV utiliza dominios de interrupción jerárquicos y no implementa correctamente el respaldo heredado. La advertencia se activa desde el stub de respaldo heredado. Esa advertencia es falsa, ya que la capa PCI/MSI sabe si un dominio principal PCI/MSI está asociado con el dispositivo o no. Hay una comprobación para MSI-X, que tiene una suposición de legado. Pero esa suposición de respaldo heredado solo es válida cuando está habilitada la compatibilidad heredada, pero de lo contrario, la comprobación simplemente debería devolver -ENOTSUPP. Loongarch tropezó con el mismo problema y habilitó ciegamente la compatibilidad heredada sin implementar los respaldos heredados. Hay implementaciones débiles que devuelven un error, por lo que el problema se disimuló. Corrija pci_msi_domain_supports() para evaluar el modo heredado y agregue la comprobación de compatibilidad faltante en la ruta de habilitación de MSI para completarla.

In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement the legacy fallback. The warning triggers from the legacy fallback stub. That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent domain is associated with the device or not. There is a check for MSI-X, which has a legacy assumption. But that legacy fallback assumption is only valid when legacy support is enabled, but otherwise the check should simply return -ENOTSUPP. Loongarch tripped over the same problem and blindly enabled legacy support without implementing the legacy fallbacks. There are weak implementations which return an error, so the problem was papered over. Correct pci_msi_domain_supports() to evaluate the legacy mode and add the missing supported check into the MSI enable path to complete it.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2025-01-06 CVE Published
2025-01-06 CVE Updated
2025-01-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/d2a463b297415ca6dd4d60bb1c867dd7c931587b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b1f7476e07b93d65a1a3643dcb4a7bed80d4328d	2025-01-02
https://git.kernel.org/stable/c/aed157301c659a48f5564cc4568cf0e5c8831af0	2025-01-02
https://git.kernel.org/stable/c/a60b990798eb17433d0283788280422b1bd94b18	2024-12-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.6.69 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.6.69"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.12.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.12.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.13-rc5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.13-rc5"		en		Affected