{"id":"AZL-55044","summary":"CVE-2024-56760 affecting package kernel for versions less than 6.6.76.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/MSI: Handle lack of irqdomain gracefully\n\nAlexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a\nRISCV platform which does not provide PCI/MSI support:\n\n WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32\n __pci_enable_msix_range+0x30c/0x596\n pci_msi_setup_msi_irqs+0x2c/0x32\n pci_alloc_irq_vectors_affinity+0xb8/0xe2\n\nRISCV uses hierarchical interrupt domains and correctly does not implement\nthe legacy fallback. The warning triggers from the legacy fallback stub.\n\nThat warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent\ndomain is associated with the device or not. There is a check for MSI-X,\nwhich has a legacy assumption. But that legacy fallback assumption is only\nvalid when legacy support is enabled, but otherwise the check should simply\nreturn -ENOTSUPP.\n\nLoongarch tripped over the same problem and blindly enabled legacy support\nwithout implementing the legacy fallbacks. There are weak implementations\nwhich return an error, so the problem was papered over.\n\nCorrect pci_msi_domain_supports() to evaluate the legacy mode and add\nthe missing supported check into the MSI enable path to complete it.","modified":"2026-04-01T05:18:29.652573Z","published":"2025-01-06T17:15:41Z","upstream":["CVE-2024-56760"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56760"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.76.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55044.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}