CVE-2024-26690 in Linuxinfo

Summary

by MITRE • 04/03/2024

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: protect updates of 64-bit statistics counters

As explained by a comment in , write side of struct u64_stats_sync must ensure mutual exclusion, or one seqcount update could be lost on 32-bit platforms, thus blocking readers forever. Such lockups have been observed in real world after stmmac_xmit() on one CPU raced with stmmac_napi_poll_tx() on another CPU.

To fix the issue without introducing a new lock, split the statics into three parts:

1. fields updated only under the tx queue lock, 2. fields updated only during NAPI poll, 3. fields updated only from interrupt context,

Updates to fields in the first two groups are already serialized through other locks. It is sufficient to split the existing struct u64_stats_sync so that each group has its own.

Note that tx_set_ic_bit is updated from both contexts. Split this counter so that each context gets its own, and calculate their sum to get the total value in stmmac_get_ethtool_stats().

For the third group, multiple interrupts may be processed by different CPUs at the same time, but interrupts on the same CPU will not nest. Move fields from this group to a newly created per-cpu struct stmmac_pcpu_stats.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 01/12/2026

The vulnerability CVE-2024-26690 addresses a critical race condition in the Linux kernel's stmmac network driver that affects 64-bit statistics counter updates. This issue specifically targets the synchronization mechanisms used in the network driver's statistics collection, where improper handling of concurrent updates can lead to permanent system lockups. The flaw manifests when multiple CPU cores attempt to modify statistics counters simultaneously, creating a scenario where sequence count updates can be lost on 32-bit platforms, effectively blocking all readers indefinitely.

The technical root cause stems from inadequate mutual exclusion in the write side of struct u64_stats_sync, which is designed to provide atomic updates to 64-bit statistics counters. When stmmac_xmit() function executes on one CPU while stmmac_napi_poll_tx() runs concurrently on another CPU, the race condition causes seqcount updates to be lost, resulting in a deadlock situation where readers cannot progress. This represents a classic concurrency issue that violates the fundamental principles of atomic operations and proper synchronization primitives. The vulnerability aligns with CWE-362, which describes concurrent execution issues, and specifically relates to improper locking mechanisms that can lead to data corruption and system instability.

The operational impact of this vulnerability extends beyond simple performance degradation to potentially causing complete system lockups in network-intensive environments. Systems utilizing stmmac network drivers under heavy load conditions are particularly susceptible to this issue, as the race conditions become more frequent with increased concurrent operations. Network administrators and system operators may observe intermittent system hangs, particularly during high throughput scenarios or when multiple network operations occur simultaneously across different CPU cores. The vulnerability affects systems where the stmmac driver is used, which includes various embedded systems and network appliances that rely on this Ethernet MAC driver implementation.

The fix implemented for CVE-2024-26690 employs a sophisticated approach to resolve the synchronization issue without introducing new locking mechanisms that could impact performance. The solution involves splitting the existing statistics structure into three distinct groups based on their update contexts, each with appropriate synchronization guarantees. Fields that are updated only under the transmit queue lock, those updated only during NAPI poll operations, and those updated only from interrupt context are separated into their own data structures. This approach addresses the specific requirements of each update context while maintaining the integrity of the statistics collection process. The tx_set_ic_bit counter, which was being updated from both contexts, is split into separate per-context counters to eliminate the race condition entirely.

The implementation of per-cpu statistics structures represents a well-considered solution that accounts for the natural processing patterns of interrupt handling in multi-core systems. Since interrupts on the same CPU will not nest, the solution moves the interrupt-context fields to a newly created per-cpu structure called stmmac_pcpu_stats, ensuring that each CPU maintains its own statistics without requiring expensive synchronization mechanisms. This approach leverages the inherent properties of the interrupt handling system to provide efficient and safe statistics updates while maintaining the total statistical values through proper aggregation in the ethtool statistics retrieval function. The fix directly addresses ATT&CK technique T1490, which involves system network denial, by preventing the system lockup conditions that could be exploited to disrupt network operations. The solution maintains backward compatibility while significantly improving the reliability and stability of network operations in multi-core environments.

Reservation

02/19/2024

Disclosure

04/03/2024

Moderation

accepted

CPE

ready

EPSS

0.00709

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!