Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-56781

Disclosure Date: January 08, 2025 •

CVE-2024-56781 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/prom_init: Fixup missing powermac #size-cells

On some powermacs escc nodes are missing #size-cells properties,
which is deprecated and now triggers a warning at boot since commit
045b14ca5c36 (“of: WARN on deprecated #address-cells/#size-cells
handling”).

For example:

Missing ‘#size-cells’ in /pci@f2000000/mac-io@c/escc@13000
WARNING: CPU: 0 PID: 0 at drivers/of/base.c:133 of_bus_n_size_cells+0x98/0x108
Hardware name: PowerMac3,1 7400 0xc0209 PowerMac
…
Call Trace:

of_bus_n_size_cells+0x98/0x108 (unreliable)
of_bus_default_count_cells+0x40/0x60
__of_get_address+0xc8/0x21c
__of_address_to_resource+0x5c/0x228
pmz_init_port+0x5c/0x2ec
pmz_probe.isra.0+0x144/0x1e4
pmz_console_init+0x10/0x48
console_init+0xcc/0x138
start_kernel+0x5c4/0x694

As powermacs boot via prom_init it’s possible to add the missing
properties to the device tree during boot, avoiding the warning. Note
that escc-legacy nodes are also missing #size-cells properties, but
they are skipped by the macio driver, so leave them alone.

Depends-on: 045b14ca5c36 (“of: WARN on deprecated #address-cells/#size-cells handling”)

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2024-56781 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56781)

Miscellaneous

https://git.kernel.org/stable/c/0b94d838018fb0a824e0cd3149034928c99fb1b7

https://git.kernel.org/stable/c/a79a7e3c03ae2a07f68b5f24d5ed549f9799ec89

https://git.kernel.org/stable/c/ee68554d2c03e32077f7b984e5289fdb005036d2

https://git.kernel.org/stable/c/6d5f0453a2228607333bff0c85238a3cb495d194

https://git.kernel.org/stable/c/691284c2cd33ffaa0b35ce53b3286b90621e9dc9

https://git.kernel.org/stable/c/296a109fa77110ba5267fe0e90a26005eecc2726

https://git.kernel.org/stable/c/cf89c9434af122f28a3552e6f9cc5158c33ce50a

Rapid7

Unknown

CVE-2024-56781

Unknown

Unknown

None

Low

Local

CVE-2024-56781

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-56781

Unknown

Unknown

None

Low

Local

CVE-2024-56781

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification