CVE-2024-56540

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery invocation during probe and resume Refactor IPC send and receive functions to allow correct handling of operations that should not trigger a recovery process. Expose ivpu_send_receive_internal(), which is now utilized by the D0i3 entry, DCT initialization, and HWS initialization functions. These functions have been modified to return error codes gracefully, rather than initiating recovery. The updated functions are invoked within ivpu_probe() and ivpu_resume(), ensuring that any errors encountered during these stages result in a proper teardown or shutdown sequence. The previous approach of triggering recovery within these functions could lead to a race condition, potentially causing undefined behavior and kernel crashes due to null pointer dereferences.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/362ef76020ea6219a4df4ac5b738672b59527239	Patch
https://git.kernel.org/stable/c/5eaa497411197c41b0813d61ba3fbd6267049082	Patch
https://git.kernel.org/stable/c/cac822772c4dc27a285f09caf30072ab76d2bf38	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-12-27 14:15

Updated : 2025-10-01 20:17

NVD link : CVE-2024-56540

Mitre link : CVE-2024-56540

CVE.ORG link : CVE-2024-56540

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-56540", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2024-12-27T14:15:33.670", "references": [{"url": "https://git.kernel.org/stable/c/362ef76020ea6219a4df4ac5b738672b59527239", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5eaa497411197c41b0813d61ba3fbd6267049082", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cac822772c4dc27a285f09caf30072ab76d2bf38", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-476"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Prevent recovery invocation during probe and resume\n\nRefactor IPC send and receive functions to allow correct\nhandling of operations that should not trigger a recovery process.\n\nExpose ivpu_send_receive_internal(), which is now utilized by the D0i3\nentry, DCT initialization, and HWS initialization functions.\nThese functions have been modified to return error codes gracefully,\nrather than initiating recovery.\n\nThe updated functions are invoked within ivpu_probe() and ivpu_resume(),\nensuring that any errors encountered during these stages result in a proper\nteardown or shutdown sequence. The previous approach of triggering recovery\nwithin these functions could lead to a race condition, potentially causing\nundefined behavior and kernel crashes due to null pointer dereferences."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: accel/ivpu: Evitar la invocaci\u00f3n de recuperaci\u00f3n durante la sonda y reanudaci\u00f3n Refactorizar las funciones de env\u00edo y recepci\u00f3n de IPC para permitir la gesti\u00f3n correcta de operaciones que no deber\u00edan activar un proceso de recuperaci\u00f3n. Exponer ivpu_send_receive_internal(), que ahora es utilizado por la entrada D0i3, la inicializaci\u00f3n de DCT y las funciones de inicializaci\u00f3n de HWS. Estas funciones se han modificado para devolver c\u00f3digos de error de forma elegante, en lugar de iniciar la recuperaci\u00f3n. Las funciones actualizadas se invocan dentro de ivpu_probe() e ivpu_resume(), lo que garantiza que cualquier error encontrado durante estas etapas d\u00e9 como resultado una secuencia de desmontaje o apagado adecuada. El enfoque anterior de activar la recuperaci\u00f3n dentro de estas funciones podr\u00eda conducir a una condici\u00f3n de ejecuci\u00f3n, lo que podr\u00eda causar un comportamiento indefinido y fallas del kernel debido a desreferencias de puntero nulo."}], "lastModified": "2025-10-01T20:17:26.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF76D5FF-944B-4187-AE80-15327D64BB22", "versionEndExcluding": "6.11.11", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}