5.5

CVE-2024-40963

In the Linux kernel, the following vulnerability has been resolved:

mips: bmips: BCM6358: make sure CBR is correctly set

It was discovered that some device have CBR address set to 0 causing
kernel panic when arch_sync_dma_for_cpu_all is called.

This was notice in situation where the system is booted from TP1 and
BMIPS_GET_CBR() returns 0 instead of a valid address and
!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.

The current check whether RAC flush should be disabled or not are not
enough hence lets check if CBR is a valid address or not.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4.240 < 5.4.279
LinuxLinux Kernel Version >= 5.10.177 < 5.10.221
LinuxLinux Kernel Version >= 5.15.106 < 5.15.162
LinuxLinux Kernel Version >= 6.1.23 < 6.1.96
LinuxLinux Kernel Version >= 6.2.10 < 6.3
LinuxLinux Kernel Version >= 6.3.1 < 6.6.36
LinuxLinux Kernel Version >= 6.7 < 6.9.7
LinuxLinux Kernel Version6.3 Update-
LinuxLinux Kernel Version6.3 Updaterc5
LinuxLinux Kernel Version6.3 Updaterc6
LinuxLinux Kernel Version6.3 Updaterc7
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.01% 0.007
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.