CVE-2024-57949

MEDIUM EPSS 7.1%
Published Feb 9, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 9, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity() irq_get_desc_lock() raw_spin_lock_irqsave() <--- Disable interrupts its_irq_set_vcpu_affinity() guard(raw_spinlock_irq) <--- Enables interrupts when leaving the guard() irq_put_desc_unlock() <--- Warns because interrupts are enabled This was broken in commit b97e8a2f7130, which replaced the original raw_spin_[un]lock() pair with guard(raw_spinlock_irq). Fix the issue by using guard(raw_spinlock). [ tglx: Massaged change log ]

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
7.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥6.1.95  –  <6.1.127
linuxlinux_kernel*≥6.6.35  –  <6.6.74
linuxlinux_kernel*≥6.9.6  –  <6.12.11
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/35cb2c6ce7da545f3b5cb1e6473ad7c3a6f08310
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6c84ff2e788fce0099ee3e71a3ed258b1ca1a223
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/93955a7788121ab5a0f7f27e988b2ed1135a4866
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7b0e89610dd45ac6cf0d6f99bfa9ccc787db344
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/35cb2c6ce7da545f3b5cb1e6473ad7c3a6f08310
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6c84ff2e788fce0099ee3e71a3ed258b1ca1a223
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/93955a7788121ab5a0f7f27e988b2ed1135a4866
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7b0e89610dd45ac6cf0d6f99bfa9ccc787db344
    Patch