PT-2024-29178 · Linux+4 · Linux Kernel+4

Published

2024-05-30

Updated

2025-01-15

CVE-2024-40963

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been discovered in the Linux kernel where some devices have a CBR address set to 0, causing a kernel panic when arch sync dma for cpu all is called. This issue occurs when the system is booted from TP1 and BMIPS GET CBR() returns 0 instead of a valid address. The current checks for disabling RAC flush are insufficient, and it is necessary to verify if the CBR is a valid address.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Check for Exceptional Conditions

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754CWE-20

Related Identifiers

BDU:2025-03439

CVE-2024-40963

DLA-4008-1

DSA-5730-1

DSA-5731-1

OESA-2024-1942

OESA-2024-1943

USN-6999-1

USN-6999-2

USN-7003-1

USN-7003-2

USN-7003-3

USN-7003-4

USN-7003-5

USN-7004-1

USN-7005-1

USN-7005-2

USN-7006-1

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2024-29178 · Linux+4 · Linux Kernel+4

CVE-2024-40963

Weakness Enumeration

Related Identifiers

Affected Products

References · 671