CVE-2024-40963

Published: Jul 12, 2024Modified: Nov 3, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: make sure CBR is correctly set It was discovered that some device have CBR address set to 0 causing kernel panic when arch_sync_dma_for_cpu_all is called. This was notice in situation where the system is booted from TP1 and BMIPS_GET_CBR() returns 0 instead of a valid address and !!(read_c0_brcm_cmt_local() & (1 << 31)); not failing. The current check whether RAC flush should be disabled or not are not enough hence lets check if CBR is a valid address or not.

Affected (15)

Products: Linux: Linux Kernel

1 product

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.10.177 to 5.10.221
Linux Linux Kernel	From 5.15.106 to 5.15.162
Linux Linux Kernel	From 5.4.240 to 5.4.279
Linux Linux Kernel	From 6.1.23 to 6.1.96
Linux Linux Kernel	From 6.2.10 to 6.3
Linux Linux Kernel	From 6.3.1 to 6.6.36
Linux Linux Kernel	From 6.7 to 6.9.7
Linux Linux Kernel	Version 6.10 rc1
Linux Linux Kernel	Version 6.10 rc2
Linux Linux Kernel	Version 6.10 rc3
Linux Linux Kernel	Version 6.10 rc4
Linux Linux Kernel	Version 6.3
Linux Linux Kernel	Version 6.3 rc5
Linux Linux Kernel	Version 6.3 rc6
Linux Linux Kernel	Version 6.3 rc7

Related CWEs

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (15)

https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.