CVE-2024-40963

mips: bmips: BCM6358: make sure CBR is correctly set

Description

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: make sure CBR is correctly set It was discovered that some device have CBR address set to 0 causing kernel panic when arch_sync_dma_for_cpu_all is called. This was notice in situation where the system is booted from TP1 and BMIPS_GET_CBR() returns 0 instead of a valid address and !!(read_c0_brcm_cmt_local() & (1 << 31)); not failing. The current check whether RAC flush should be disabled or not are not enough hence lets check if CBR is a valid address or not.

N/A
CVSS
Severity:
EPSS 0.19%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373
https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d
https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27
https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085
https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52
https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b
https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf

Frequently Asked Questions

What is the severity of CVE-2024-40963?
CVE-2024-40963 has not yet been assigned a CVSS score.
How to fix CVE-2024-40963?
To fix CVE-2024-40963, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-40963 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-40963 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-40963?
CVE-2024-40963 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.