{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-56540", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-27T14:03:05.987Z", "datePublished": "2024-12-27T14:11:22.207Z", "dateUpdated": "2025-01-20T06:22:32.044Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-20T06:22:32.044Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Prevent recovery invocation during probe and resume\n\nRefactor IPC send and receive functions to allow correct\nhandling of operations that should not trigger a recovery process.\n\nExpose ivpu_send_receive_internal(), which is now utilized by the D0i3\nentry, DCT initialization, and HWS initialization functions.\nThese functions have been modified to return error codes gracefully,\nrather than initiating recovery.\n\nThe updated functions are invoked within ivpu_probe() and ivpu_resume(),\nensuring that any errors encountered during these stages result in a proper\nteardown or shutdown sequence. The previous approach of triggering recovery\nwithin these functions could lead to a race condition, potentially causing\nundefined behavior and kernel crashes due to null pointer dereferences."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/ivpu/ivpu_ipc.c", "drivers/accel/ivpu/ivpu_ipc.h", "drivers/accel/ivpu/ivpu_jsm_msg.c"], "versions": [{"version": "45e45362e0955fc3b0b622e8a0d788097f3de902", "lessThan": "cac822772c4dc27a285f09caf30072ab76d2bf38", "status": "affected", "versionType": "git"}, {"version": "45e45362e0955fc3b0b622e8a0d788097f3de902", "lessThan": "362ef76020ea6219a4df4ac5b738672b59527239", "status": "affected", "versionType": "git"}, {"version": "45e45362e0955fc3b0b622e8a0d788097f3de902", "lessThan": "5eaa497411197c41b0813d61ba3fbd6267049082", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/ivpu/ivpu_ipc.c", "drivers/accel/ivpu/ivpu_ipc.h", "drivers/accel/ivpu/ivpu_jsm_msg.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.11", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.2", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/cac822772c4dc27a285f09caf30072ab76d2bf38"}, {"url": "https://git.kernel.org/stable/c/362ef76020ea6219a4df4ac5b738672b59527239"}, {"url": "https://git.kernel.org/stable/c/5eaa497411197c41b0813d61ba3fbd6267049082"}], "title": "accel/ivpu: Prevent recovery invocation during probe and resume", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF76D5FF-944B-4187-AE80-15327D64BB22", "versionEndExcluding": "6.11.11", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Prevent recovery invocation during probe and resume\n\nRefactor IPC send and receive functions to allow correct\nhandling of operations that should not trigger a recovery process.\n\nExpose ivpu_send_receive_internal(), which is now utilized by the D0i3\nentry, DCT initialization, and HWS initialization functions.\nThese functions have been modified to return error codes gracefully,\nrather than initiating recovery.\n\nThe updated functions are invoked within ivpu_probe() and ivpu_resume(),\nensuring that any errors encountered during these stages result in a proper\nteardown or shutdown sequence. The previous approach of triggering recovery\nwithin these functions could lead to a race condition, potentially causing\nundefined behavior and kernel crashes due to null pointer dereferences."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: accel/ivpu: Evitar la invocaci\u00f3n de recuperaci\u00f3n durante la sonda y reanudaci\u00f3n Refactorizar las funciones de env\u00edo y recepci\u00f3n de IPC para permitir la gesti\u00f3n correcta de operaciones que no deber\u00edan activar un proceso de recuperaci\u00f3n. Exponer ivpu_send_receive_internal(), que ahora es utilizado por la entrada D0i3, la inicializaci\u00f3n de DCT y las funciones de inicializaci\u00f3n de HWS. Estas funciones se han modificado para devolver c\u00f3digos de error de forma elegante, en lugar de iniciar la recuperaci\u00f3n. Las funciones actualizadas se invocan dentro de ivpu_probe() e ivpu_resume(), lo que garantiza que cualquier error encontrado durante estas etapas d\u00e9 como resultado una secuencia de desmontaje o apagado adecuada. El enfoque anterior de activar la recuperaci\u00f3n dentro de estas funciones podr\u00eda conducir a una condici\u00f3n de ejecuci\u00f3n, lo que podr\u00eda causar un comportamiento indefinido y fallas del kernel debido a desreferencias de puntero nulo."}], "id": "CVE-2024-56540", "lastModified": "2025-02-03T15:18:40.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-27T14:15:33.670", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/362ef76020ea6219a4df4ac5b738672b59527239"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5eaa497411197c41b0813d61ba3fbd6267049082"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cac822772c4dc27a285f09caf30072ab76d2bf38"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: accel/ivpu: Prevent recovery invocation during probe and resume", "id": "2334507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334507"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\naccel/ivpu: Prevent recovery invocation during probe and resume\nRefactor IPC send and receive functions to allow correct\nhandling of operations that should not trigger a recovery process.\nExpose ivpu_send_receive_internal(), which is now utilized by the D0i3\nentry, DCT initialization, and HWS initialization functions.\nThese functions have been modified to return error codes gracefully,\nrather than initiating recovery.\nThe updated functions are invoked within ivpu_probe() and ivpu_resume(),\nensuring that any errors encountered during these stages result in a proper\nteardown or shutdown sequence. The previous approach of triggering recovery\nwithin these functions could lead to a race condition, potentially causing\nundefined behavior and kernel crashes due to null pointer dereferences."], "name": "CVE-2024-56540", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-56540\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-56540\nhttps://lore.kernel.org/linux-cve-announce/2024122726-CVE-2024-56540-d2f7@gregkh/T"], "threat_severity": "Moderate"}