CVE-2024-45828

i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request

Description

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request Bus cleanup path in DMA mode may trigger a RING_OP_STAT interrupt when the ring is being stopped. Depending on timing between ring stop request completion, interrupt handler removal and code execution this may lead to a NULL pointer dereference in hci_dma_irq_handler() if it gets to run after the io_data pointer is set to NULL in hci_dma_cleanup(). Prevent this my masking the ring interrupts before ring stop request.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/a6cddf68b3405b272b5a3cad9657be0b02b34bf4 patch
https://git.kernel.org/stable/c/9d745a56aea45e47f4755bc12e6429d6314dbb54 patch
https://git.kernel.org/stable/c/a6dc4b4fda2e147e557050eaae51ff15edeb680b patch
https://git.kernel.org/stable/c/19cc5767334bfe980f52421627d0826c0da86721 patch
https://git.kernel.org/stable/c/6ca2738174e4ee44edb2ab2d86ce74f015a0cc32 patch

Frequently Asked Questions

What is the severity of CVE-2024-45828?
CVE-2024-45828 has been scored as a medium severity vulnerability.
How to fix CVE-2024-45828?
To fix CVE-2024-45828, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-45828 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-45828 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-45828?
CVE-2024-45828 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.