CVE-2024-40968

MEDIUM EPSS 21.2%
Published Jul 12, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 12, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: MIPS: Octeon: Add PCIe link status check The standard PCIe configuration read-write interface is used to access the configuration space of the peripheral PCIe devices of the mips processor after the PCIe link surprise down, it can generate kernel panic caused by "Data bus error". So it is necessary to add PCIe link status check for system protection. When the PCIe link is down or in training, assigning a value of 0 to the configuration address can prevent read-write behavior to the configuration space of peripheral PCIe devices, thereby preventing kernel panic.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
21.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-754

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel* <4.19.317
linuxlinux_kernel*≥4.20  –  <5.4.279
linuxlinux_kernel*≥5.5  –  <5.10.221
linuxlinux_kernel*≥5.11  –  <5.15.162
linuxlinux_kernel*≥5.16  –  <6.1.96
linuxlinux_kernel*≥6.2  –  <6.6.36
linuxlinux_kernel*≥6.7  –  <6.9.7

References 9

  • git.kernel.org https://git.kernel.org/stable/c/1c33fd17383f48f679186c54df78542106deeaa0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/25998f5613159fe35920dbd484fcac7ea3ad0799
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/29b83a64df3b42c88c0338696feb6fdcd7f1f3b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/38d647d509543e9434b3cc470b914348be271fe9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/64845ac64819683ad5e51b668b2ed56ee3386aee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6bff05aaa32c2f7e1f6e68e890876642159db419
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6c1b9fe148a4e03bbfa234267ebb89f35285814a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d996deb80398a90dd3c03590e68dad543da87d62
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1c33fd17383f48f679186c54df78542106deeaa0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/25998f5613159fe35920dbd484fcac7ea3ad0799
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/29b83a64df3b42c88c0338696feb6fdcd7f1f3b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/38d647d509543e9434b3cc470b914348be271fe9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/64845ac64819683ad5e51b668b2ed56ee3386aee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6bff05aaa32c2f7e1f6e68e890876642159db419
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6c1b9fe148a4e03bbfa234267ebb89f35285814a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d996deb80398a90dd3c03590e68dad543da87d62
    Patch