LiveActive security incident?Get immediate response
CVE Record

CVE-2024-58006: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") set_bar() was modified to support dynamically changing the backing physical address of a BAR that was already configured. This means that set_bar() can be called twice, without ever calling clear_bar() (as calling clear_bar() would clear the BAR's PCI address assigned by the host). This can only be done if the new BAR size/flags does not differ from the existing BAR configuration. Add these missing checks. If we allow set_bar() to set e.g. a new BAR size that differs from the existing BAR size, the new address translation range will be smaller than the BAR size already determined by the host, which would mean that a read past the new BAR size would pass the iATU untranslated, which could allow the host to read memory not belonging to the new struct pci_epf_bar. While at it, add comments which clarifies the support for dynamically changing the physical address of a BAR. (Which was also missing.)

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

A Linux PCI endpoint bug could let a connected PCI host read memory outside the intended endpoint BAR mapping when BAR size or flags are changed incorrectly. The source does not provide CVSS, confirmed affected distributions, or exploitation evidence.

Executive priority

Treat as a targeted kernel exposure, not a broad internet-facing emergency based on current evidence. Prioritize asset identification and patch planning for PCI endpoint systems, especially embedded or appliance-like deployments using affected Linux kernels.

Technical view

The flaw is in Linux PCI DesignWare endpoint handling. pci_epc_set_bar() could be called again to change a BAR backing address, but lacked checks preventing size or flag changes. A smaller new iATU translation range than the host-assigned BAR could allow reads beyond the intended pci_epf_bar memory.

Likely exposure

Exposure appears limited to Linux systems using the PCI DesignWare endpoint path and affected kernel versions. The provided sources do not identify specific distributions, devices, cloud platforms, or default configurations as affected.

Exploitation context

The bundle does not show active exploitation, public exploit code, or KEV listing. The issue requires a PCI host interacting with an affected Linux endpoint BAR configuration path, so practical exposure depends on hardware role and driver use.

Researcher notes

Key behavior is the missing invariant check: re-setting an existing BAR must not change size or flags. The source states mismatched translation size versus host BAR size could let host reads pass iATU untranslated and reach unintended memory.

Mitigation direction

  • Apply vendor kernel updates that include the referenced Linux stable fixes.
  • Prioritize systems operating as PCI endpoints with DesignWare endpoint support.
  • Check distribution advisories for backported fixes and supported kernel package names.
  • Avoid custom kernel changes that alter BAR size or flags without the upstream checks.

Validation and detection

  • Inventory Linux kernels against CVE-2024-58006 and vendor security advisories.
  • Confirm whether PCI DesignWare endpoint functionality is enabled or used.
  • Review kernel changelogs for the referenced stable commits or CVE mention.
  • Validate remediation in staging before deploying kernel updates to endpoint devices.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-58006 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux4284c88fff0efc4e418abb53d78e02dc4f099d6c, 4284c88fff0efc4e418abb53d78e02dc4f099d6c, 4284c88fff0efc4e418abb53d78e02dc4f099d6cunaffected
LinuxLinux6.0, 0, 6.12.14, 6.13.3, 6.14affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.