{"uuid": "51debfbb-d7fd-41be-950f-5974625c6704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56760", "type": "seen", "source": "https://t.me/cvedetector/14383", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56760 - Linux kernel PCI/MSI MSI-RISCV Incorrect Legacy Fallback Handling Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56760 \nPublished : Jan. 6, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nPCI/MSI: Handle lack of irqdomain gracefully  \n  \nAlexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a  \nRISCV platform which does not provide PCI/MSI support:  \n  \n WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32  \n __pci_enable_msix_range+0x30c/0x596  \n pci_msi_setup_msi_irqs+0x2c/0x32  \n pci_alloc_irq_vectors_affinity+0xb8/0xe2  \n  \nRISCV uses hierarchical interrupt domains and correctly does not implement  \nthe legacy fallback. The warning triggers from the legacy fallback stub.  \n  \nThat warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent  \ndomain is associated with the device or not. There is a check for MSI-X,  \nwhich has a legacy assumption. But that legacy fallback assumption is only  \nvalid when legacy support is enabled, but otherwise the check should simply  \nreturn -ENOTSUPP.  \n  \nLoongarch tripped over the same problem and blindly enabled legacy support  \nwithout implementing the legacy fallbacks. There are weak implementations  \nwhich return an error, so the problem was papered over.  \n  \nCorrect pci_msi_domain_supports() to evaluate the legacy mode and add  \nthe missing supported check into the MSI enable path to complete it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T19:26:40.000000Z"}