Linux · Linux Kernel · CVE-2024-56760
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.74
**Description**
A vulnerability has been resolved in the Linux kernel related to PCI/MSI. The issue arises from the lack of irqdomain handling, which triggers a warning on platforms that do not provide PCI/MSI support, such as RISCV. The warning is bogus because the PCI/MSI layer knows whether a PCI/MSI parent domain is associated with the device or not. The problem was exacerbated by weak implementations that return an error, effectively papering over the issue. Loongarch also encountered the same problem by blindly enabling legacy support without implementing the necessary fallbacks. The fix involves correcting the `pci msi domain supports()` function to evaluate the legacy mode and adding a missing supported check into the MSI enable path.
**Recommendations**
To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider disabling the `pci msi setup msi irqs()` function until a patch is available. Restrict access to the vulnerable `pci msi domain supports()` function to minimize the risk of exploitation. Avoid using the `MSI-X` feature in the affected API endpoint until the issue is resolved.