CVE-2024-56680: 
Linux Debian vulnerability analysis and mitigation

A vulnerability in the Linux kernel's Intel IPU6 (Image Processing Unit 6) driver has been identified and resolved. The issue, tracked as CVE-2024-56680, was discovered in the handling of shared interrupts when the IPU6 device is disabled. The vulnerability was disclosed on December 28, 2024, affecting the media subsystem of the Linux kernel (NVD).

The vulnerability occurs when an interrupt is triggered from another device on a shared IRQ line while the IPU6 device itself is disabled. In such cases, the ISRSTATUS register returns 0xffffffff, causing the system to handle all interrupt cases for which it is not prepared, potentially leading to system hangs. The fix implements proper interrupt handling by using pmruntimegetifactive() to check if the device is enabled and prevents suspending it during interrupt handling. Additionally, synchronizeirq() is used in the suspend function (Kernel Patch).

When exploited, this vulnerability can cause the system to hang, resulting in a denial of service condition. The issue specifically affects systems using the Intel IPU6 device with shared interrupts (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves modifying the interrupt handling mechanism in the IPU6 driver to properly check device state and manage shared interrupts. Users should update their Linux kernel to a version that includes the fix. The patch has been merged into the stable kernel tree (Kernel Patch).