CVE-2024-56760: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56760 is a vulnerability in the Linux kernel's PCI/MSI (Message Signaled Interrupts) handling system. The issue was discovered when a warning was emitted from pcimsisetupmsiirqs() on a RISCV platform that does not provide PCI/MSI support. The vulnerability affects Linux kernel versions from 6.2 up to (excluding) 6.6.69, from 6.7 up to (excluding) 6.12.8, and various release candidates of version 6.13 (NVD).

The vulnerability stems from improper handling of irqdomain in the PCI/MSI system. The issue manifests when the system encounters platforms without PCI/MSI support, particularly affecting RISCV platforms that use hierarchical interrupt domains. The vulnerability has a CVSS v3.1 Base Score of 5.5 (Medium) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability primarily affects system availability. When triggered, it can cause system warnings and potential interrupt handling issues on affected platforms. The CVSS scoring indicates that while there are no direct impacts on confidentiality or integrity, there could be high impacts on system availability (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves correcting pcimsidomain_supports() to evaluate the legacy mode and adding the missing supported check into the MSI enable path. The patch ensures proper handling of platforms without PCI/MSI support (Kernel Patch).