CVE-2024-40963

EPSS 0.01%
Veröffentlicht 12.07.2024 13:15:18
Zuletzt bearbeitet 17.09.2025 15:11:54
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

mips: bmips: BCM6358: make sure CBR is correctly set

It was discovered that some device have CBR address set to 0 causing
kernel panic when arch_sync_dma_for_cpu_all is called.

This was notice in situation where the system is booted from TP1 and
BMIPS_GET_CBR() returns 0 instead of a valid address and
!!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.

The current check whether RAC flush should be disabled or not are not
enough hence lets check if CBR is a valid address or not.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.4.240 < 5.4.279

Linux ≫ Linux Kernel Version >= 5.10.177 < 5.10.221

Linux ≫ Linux Kernel Version >= 5.15.106 < 5.15.162

Linux ≫ Linux Kernel Version >= 6.1.23 < 6.1.96

Linux ≫ Linux Kernel Version >= 6.2.10 < 6.3

Linux ≫ Linux Kernel Version >= 6.3.1 < 6.6.36

Linux ≫ Linux Kernel Version >= 6.7 < 6.9.7

Linux ≫ Linux Kernel Version6.3 Update-

Linux ≫ Linux Kernel Version6.3 Updaterc5

Linux ≫ Linux Kernel Version6.3 Updaterc6

Linux ≫ Linux Kernel Version6.3 Updaterc7

Linux ≫ Linux Kernel Version6.10 Updaterc1

Linux ≫ Linux Kernel Version6.10 Updaterc2

Linux ≫ Linux Kernel Version6.10 Updaterc3

Linux ≫ Linux Kernel Version6.10 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373

Patch

https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52

Patch

https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d

Patch

https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085

Patch

https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27

Patch

https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf

Patch