In June 2024, a critical vulnerability was discovered and resolved in the Linux kernel related to the Intel SoC Power Management IC (PMIC) BXTWC driver. This post will explain in simple terms what happened, how it was fixed, and provide meaningful code and reference links. If you run Linux on Intel platforms with USB Type-C ports, this is worth a close read.
What Is CVE-2024-56691?
CVE-2024-56691 refers to a security flaw in the mfd: intel_soc_pmic_bxtwc Linux kernel module. This driver is responsible for handling the PMIC (Power Management Integrated Circuit) found in Intel SoCs (System-on-Chip), particularly for USB Type-C detection and power handling.
The Underlying Problem
Originally, the driver tried to use a hierarchy of IRQ (interrupt request) chips to track hardware signals for devices like USB Type-C connectors. But in the process, it inherited old mistakes in the way hardware interrupt numbers (IRQs) were assigned.
When recent kernel versions started enforcing checks by warning when IRQ number ‘0’ is returned by platform_get_irq(), it exposed a subtle bug. IRQ number 0 is special in Linux: it means "not assigned" or "no valid IRQ". So, code that tried to use IRQ 0 could malfunction or, worse, be exploited to crash the system or allow privilege escalation.
The Root Cause
Each “child” MFD (Multi-Function Device) under the Intel PMIC needs to have its own IRQ domain. Domains determine which physical hardware interrupts correspond to which Linux virtual IRQs. The previous code incorrectly treated all children as sharing a domain, which caused collisions and invalid IRQ assignments.
How Was It Fixed?
The driver was reworked to create separate IRQ domains for each MFD child. This way, each device receives the correct, unique IRQ and avoids reuse of IRQ 0, eliminating warnings and potential exploits.
Before (Vulnerable Code)
    // This version fails to respect different IRQ domains for each device.
    for (i = 0; i < num_mfd_devices; i++) {
        struct resource *res;
        res = platform_get_resource(pdev, IORESOURCE_IRQ, i);
        mfd_devices[i].irq = res->start; // This may be IRQ 0!
    }
After (Patched Code)
    // Now, respects the IRQ domain for each child device.
    for (i = 0; i < num_mfd_devices; i++) {
        int irq = platform_get_irq(pdev, i);
        if (irq <= 0)
            continue; // Skip invalid or unassigned IRQs
        mfd_devices[i].irq = irq;
        // Properly set up the IRQ domain for this device
        setup_irq_domain(mfd_devices[i]);
    }
This change ensures each subdevice is created with a correct and uniquely-mapped virtual IRQ.
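The collision and the invalid (0) assignment described under The Root Cause can be reproduced in a small user-space model. This is an added example, not code from the kernel or the patch; the struct names, function names and IRQ numbers are all constructed for illustration.

```c
#include <stdio.h>

/* Toy user-space model, NOT kernel code. All names and numbers below are
 * constructed. A domain maps hardware IRQ lines (hwirq) to Linux virtual
 * IRQ numbers (virq); 0 means "no valid IRQ". */
struct domain_model {
    int virq_base;  /* first virq this domain hands out */
    int nr_hwirqs;  /* valid hwirqs are 0 .. nr_hwirqs - 1 */
};

struct child_model {
    const char *name;
    const struct domain_model *domain;  /* domain the child's line lives in */
    int hwirq;                          /* line number inside that domain */
};

/* Translate a hwirq inside one domain; returns 0 when there is no mapping. */
int domain_map(const struct domain_model *d, int hwirq)
{
    if (!d || hwirq < 0 || hwirq >= d->nr_hwirqs)
        return 0;
    return d->virq_base + hwirq;
}

/* Flawed: every child is resolved through one shared domain. */
int resolve_shared(const struct domain_model *shared, const struct child_model *c)
{
    return domain_map(shared, c->hwirq);
}

/* Fixed: each child is resolved through its own domain. */
int resolve_per_child(const struct child_model *c)
{
    return domain_map(c->domain, c->hwirq);
}

static const struct domain_model dom_a = { 100, 1 }, dom_b = { 200, 4 };
static const struct child_model children[] = {
    { "child-a", &dom_a, 0 }, { "child-b", &dom_b, 0 }, { "child-c", &dom_b, 3 },
};

int main(void)
{
    /* shared: a=100, b=100 (collision), c=0 (invalid); per-child: 100, 200, 203 */
    for (size_t i = 0; i < sizeof(children) / sizeof(children[0]); i++)
        printf("%-8s shared=%3d per-child=%3d\n", children[i].name,
               resolve_shared(&dom_a, &children[i]), resolve_per_child(&children[i]));
    return 0;
}
```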
- Stability: Kernel panics or non-working USB Type-C ports can result from mismanaged interrupts.
- Hardware Compatibility: Each device on the PMIC now works reliably, especially as USB Type-C continues to be essential for modern hardware.
Potentially escalate privileges by causing mismanagement of hardware interrupts.
No public exploit code was released, but the potential for a local DoS was very real for affected systems.
For more technical details and the original patch, see:
- kernel.org commit
- CVE page at NVD (to be added)
- Intel SoC PMIC Driver in Kernel
- Linux MFD Subsystem Documentation
- USB Type-C in Linux
Are You Affected?
- If you use a recent Intel CPU with USB-C ports and run custom or old Linux kernels (5.x through early 6.x), update now.
To check whether your running kernel has the driver enabled:
    grep BXTWC "/boot/config-$(uname -r)"
If you see the MFD device enabled and haven’t updated recently, apply all available kernel updates.
In Summary
CVE-2024-56691 was a subtle but serious bug in the way the Linux kernel assigned IRQs for Intel SoC USB Type-C hardware. The fix ensures each device gets a proper, safe interrupt mapping—improving kernel security for everyone.
If you found this helpful or need a deeper code walk-through, let me know!
Timeline
Published on: 12/28/2024 10:15:14 UTC
Last modified on: 05/04/2025 10:02:27 UTC