CVE-2024-26705

medium

Description

In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about the BTLB information to set up the static (block) TLB entries. For that write access to the static btlb_info struct is needed, but since it is marked __ro_after_init the kernel segfaults with missing write permissions. Fix the crash by dropping the __ro_after_init annotation.

References

https://git.kernel.org/stable/c/aa52be55276614d33f22fbe7da36c40d6432d10b

https://git.kernel.org/stable/c/913b9d443a0180cf0de3548f1ab3149378998486

https://git.kernel.org/stable/c/54944f45470af5965fb9c28cf962ec30f38a8f5b

Details

Source: Mitre, NVD

Published: 2024-04-03

Updated: 2025-03-17

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00028