CVE-2024-57949

216.73.217.22

· Published 09/02/2025 12:15 · Modified 11/02/2025 16:06

Labels: CVE-2024-57949 2025-02-09 416baaa9-dc9f-4396-8d5f-8c081fb06d67 CVE-2024-57949 CWE-667

Essential information

Published: 09/02/2025 12:15
Modified: 11/02/2025 16:06
Author: —
Creator: —
CVSS: 5.5 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity() irq_get_desc_lock() raw_spin_lock_irqsave() <--- Disable interrupts its_irq_set_vcpu_affinity() guard(raw_spinlock_irq) <--- Enables interrupts when leaving the guard() irq_put_desc_unlock() <--- Warns because interrupts are enabled This was broken in commit b97e8a2f7130, which replaced the original raw_spin_[un]lock() pair with guard(raw_spinlock_irq). Fix the issue by using guard(raw_spinlock). [ tglx: Massaged change log ]

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD: View on NVD

Affected products (CPE)

Product	CPE
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel::::::::`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel::::::::`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel::::::::`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.13:rc4::::::`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.13:rc5::::::`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.13:rc6::::::`
linux / linux kernel	`cpe:2.3:o:linux:linux_kernel:6.13:rc7::::::`