CVE-2024-58006

PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update
inbound map address") set_bar() was modified to support dynamically
changing the backing physical address of a BAR that was already configured. This means that set_bar() can be called twice, without ever calling
clear_bar() (as calling clear_bar() would clear the BAR's PCI address
assigned by the host). This can only be done if the new BAR size/flags does not differ from the
existing BAR configuration. Add these missing checks. If we allow set_bar() to set e.g. a new BAR size that differs from the
existing BAR size, the new address translation range will be smaller than
the BAR size already determined by the host, which would mean that a read
past the new BAR size would pass the iATU untranslated, which could allow
the host to read memory not belonging to the new struct pci_epf_bar. While at it, add comments which clarifies the support for dynamically
changing the physical address of a BAR. (Which was also missing.)

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-27 CVE Reserved
2025-02-27 CVE Published
2025-02-27 CVE Updated
2025-02-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/4284c88fff0efc4e418abb53d78e02dc4f099d6c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b5cacfd067060c75088363ed3e19779078be2755	2025-02-17
https://git.kernel.org/stable/c/3229c15d6267de8e704b4085df8a82a5af2d63eb	2025-02-17
https://git.kernel.org/stable/c/3708acbd5f169ebafe1faa519cb28adc56295546	2024-12-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.12.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.12.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.13.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.13.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.14-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.14-rc1"		en		Affected