CVE-2024-40963 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: make sure CBR is correctly set It was discovered that some device have CBR address set to 0 causing kernel panic when arch_sync_dma_for_cpu_all is called. This was notice in situation where the system is booted from TP1 and BMIPS_GET_CBR() returns 0 instead of a valid address and !!(read_c0_brcm_cmt_local() & (1 << 31)); not failing. The current check whether RAC flush should be disabled or not are not enough hence lets check if CBR is a valid address or not.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373
https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52
https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d
https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085
https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27
https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf
https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b
https://lore.kernel.org/linux-cve-announce/2024071226-CVE-2024-40963-6639@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-40963
https://www.cve.org/CVERecord?id=CVE-2024-40963

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-12T12:32:04.019Z

Updated: 2024-11-05T09:34:03.646Z

Reserved: 2024-07-12T12:17:45.602Z

Link: CVE-2024-40963

Vulnrichment

Updated: 2024-08-02T04:39:55.958Z

NVD

Status : Awaiting Analysis

Published: 2024-07-12T13:15:18.243

Modified: 2024-07-12T16:34:58.687

Link: CVE-2024-40963

Redhat

Severity : Low

Publid Date: 2024-07-12T00:00:00Z

Links: CVE-2024-40963 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40963", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.602Z", "datePublished": "2024-07-12T12:32:04.019Z", "dateUpdated": "2024-11-05T09:34:03.646Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:34:03.646Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmips: bmips: BCM6358: make sure CBR is correctly set\n\nIt was discovered that some device have CBR address set to 0 causing\nkernel panic when arch_sync_dma_for_cpu_all is called.\n\nThis was notice in situation where the system is booted from TP1 and\nBMIPS_GET_CBR() returns 0 instead of a valid address and\n!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.\n\nThe current check whether RAC flush should be disabled or not are not\nenough hence lets check if CBR is a valid address or not."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/mips/bmips/setup.c"], "versions": [{"version": "d65de5ee8b72", "lessThan": "10afe5f7d30f", "status": "affected", "versionType": "git"}, {"version": "47a449ec09b4", "lessThan": "36d771ce6028", "status": "affected", "versionType": "git"}, {"version": "65b723644294", "lessThan": "89167072fd24", "status": "affected", "versionType": "git"}, {"version": "2cdbcff99f15", "lessThan": "6c0f6ccd9391", "status": "affected", "versionType": "git"}, {"version": "ab327f8acdf8", "lessThan": "2cd4854ef14a", "status": "affected", "versionType": "git"}, {"version": "ab327f8acdf8", "lessThan": "da895fd6da43", "status": "affected", "versionType": "git"}, {"version": "ab327f8acdf8", "lessThan": "ce5cdd3b0521", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/mips/bmips/setup.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.96", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373"}, {"url": "https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d"}, {"url": "https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27"}, {"url": "https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085"}, {"url": "https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52"}, {"url": "https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b"}, {"url": "https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf"}], "title": "mips: bmips: BCM6358: make sure CBR is correctly set", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.958Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40963", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:03:19.862197Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:01.545Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.958Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40963", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:03:19.862197Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.111Z"}}], "cna": {"title": "mips: bmips: BCM6358: make sure CBR is correctly set", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "d65de5ee8b72", "lessThan": "10afe5f7d30f", "versionType": "git"}, {"status": "affected", "version": "47a449ec09b4", "lessThan": "36d771ce6028", "versionType": "git"}, {"status": "affected", "version": "65b723644294", "lessThan": "89167072fd24", "versionType": "git"}, {"status": "affected", "version": "2cdbcff99f15", "lessThan": "6c0f6ccd9391", "versionType": "git"}, {"status": "affected", "version": "ab327f8acdf8", "lessThan": "2cd4854ef14a", "versionType": "git"}, {"status": "affected", "version": "ab327f8acdf8", "lessThan": "da895fd6da43", "versionType": "git"}, {"status": "affected", "version": "ab327f8acdf8", "lessThan": "ce5cdd3b0521", "versionType": "git"}], "programFiles": ["arch/mips/bmips/setup.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.3"}, {"status": "unaffected", "version": "0", "lessThan": "6.3", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.279", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.221", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.96", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.36", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.7", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/mips/bmips/setup.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373"}, {"url": "https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d"}, {"url": "https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27"}, {"url": "https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085"}, {"url": "https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52"}, {"url": "https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b"}, {"url": "https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmips: bmips: BCM6358: make sure CBR is correctly set\n\nIt was discovered that some device have CBR address set to 0 causing\nkernel panic when arch_sync_dma_for_cpu_all is called.\n\nThis was notice in situation where the system is booted from TP1 and\nBMIPS_GET_CBR() returns 0 instead of a valid address and\n!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.\n\nThe current check whether RAC flush should be disabled or not are not\nenough hence lets check if CBR is a valid address or not."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:34:03.646Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40963", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:34:03.646Z", "dateReserved": "2024-07-12T12:17:45.602Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:32:04.019Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmips: bmips: BCM6358: make sure CBR is correctly set\n\nIt was discovered that some device have CBR address set to 0 causing\nkernel panic when arch_sync_dma_for_cpu_all is called.\n\nThis was notice in situation where the system is booted from TP1 and\nBMIPS_GET_CBR() returns 0 instead of a valid address and\n!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.\n\nThe current check whether RAC flush should be disabled or not are not\nenough hence lets check if CBR is a valid address or not."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mips: bmips: BCM6358: aseg\u00farese de que CBR est\u00e9 configurado correctamente. Se descubri\u00f3 que algunos dispositivos tienen la direcci\u00f3n CBR configurada en 0, lo que provoca p\u00e1nico en el kernel cuando se llama a arch_sync_dma_for_cpu_all. Esto se not\u00f3 en una situaci\u00f3n en la que el sistema se inicia desde TP1 y BMIPS_GET_CBR() devuelve 0 en lugar de una direcci\u00f3n v\u00e1lida y !!(read_c0_brcm_cmt_local() & (1 << 31)); no fallar. La verificaci\u00f3n actual de si la descarga de RAC debe desactivarse o no no es suficiente, por lo tanto, verifiquemos si CBR es una direcci\u00f3n v\u00e1lida o no."}], "id": "CVE-2024-40963", "lastModified": "2024-07-12T16:34:58.687", "metrics": {}, "published": "2024-07-12T13:15:18.243", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: mips: bmips: BCM6358: make sure CBR is correctly set", "id": "2297547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297547"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmips: bmips: BCM6358: make sure CBR is correctly set\nIt was discovered that some device have CBR address set to 0 causing\nkernel panic when arch_sync_dma_for_cpu_all is called.\nThis was notice in situation where the system is booted from TP1 and\nBMIPS_GET_CBR() returns 0 instead of a valid address and\n!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.\nThe current check whether RAC flush should be disabled or not are not\nenough hence lets check if CBR is a valid address or not."], "name": "CVE-2024-40963", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40963\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40963\nhttps://lore.kernel.org/linux-cve-announce/2024071226-CVE-2024-40963-6639@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.96, kernel 6.6.36, kernel 6.9.7, kernel 6.10-rc5"}