CVE-2024-57916: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57916 addresses a vulnerability in the Linux kernel's Microchip PCI1xxxx GPIO driver. The issue was discovered and disclosed on January 19, 2025, affecting multiple versions of the Linux kernel from 6.1 through 6.13-rc6. The vulnerability stems from improper handling of IRQs while accessing GPIO values in the Microchip PCI1xxxx driver (NVD).

The vulnerability is characterized by a kernel panic condition that occurs during GPIO IRQ handling in the Microchip PCI1xxxx driver. The issue was caused by improper handling of IRQs while accessing GPIO values, specifically related to the use of generic_handle_irq instead of handle_nested_irq. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The primary impact of this vulnerability is a potential denial of service through kernel panic when handling GPIO IRQs in affected systems. The CVSS scoring indicates that while the vulnerability requires local access and low privileges, it can result in high availability impact through system crashes (NVD).

The vulnerability has been patched in multiple Linux kernel versions. Fixed versions include Linux kernel 6.1.128-1 for Debian bookworm, 6.12.17-1 for Debian sid/trixie, and 6.1.128-1~deb11u1 for Debian bullseye. The fix involves replacing generic_handle_irq with handle_nested_irq in the affected driver code (Debian Security).