CVE-2024-40963

Updated: 2024-09-13 03:31:50.61988

Description:

In the Linux kernel, the following vulnerability has been resolved:

mips: bmips: BCM6358: make sure CBR is correctly set

It was discovered that some devices have the CBR address set to 0, causing a kernel panic when arch_sync_dma_for_cpu_all is called.

This was noticed in a situation where the system is booted from TP1 and BMIPS_GET_CBR() returns 0 instead of a valid address and !!(read_c0_brcm_cmt_local() & (1 << 31)); not failing.

The current check of whether RAC flush should be disabled or not is not enough, hence let's check if CBR is a valid address or not.


Links NIST CIRCL RHEL Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | MEDIUM | 4.4 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | linux | 4.4.0 | 4.4 | MEDIUM | Ignored | | 2024-09-13 12:18:54 |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 4.4 | MEDIUM | Not Vulnerable | | 2024-10-02 05:29:32 |