Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-26876

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/04/2024
Last modified:
03/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/bridge: adv7511: fix crash on irq during probe<br /> <br /> Moved IRQ registration down to end of adv7511_probe().<br /> <br /> If an IRQ already is pending during adv7511_probe<br /> (before adv7511_cec_init) then cec_received_msg_ts<br /> could crash using uninitialized data:<br /> <br /> Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5<br /> Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP<br /> Call trace:<br /> cec_received_msg_ts+0x48/0x990 [cec]<br /> adv7511_cec_irq_process+0x1cc/0x308 [adv7511]<br /> adv7511_irq_process+0xd8/0x120 [adv7511]<br /> adv7511_irq_handler+0x1c/0x30 [adv7511]<br /> irq_thread_fn+0x30/0xa0<br /> irq_thread+0x14c/0x238<br /> kthread+0x190/0x1a8

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 6.6.55 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.8 (including) 6.8.2 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools