CVE-2024-26784 in Linux
Summary
by MITRE • 04/04/2024
In the Linux kernel, the following vulnerability has been resolved:
pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal
On unloading of the scmi_perf_domain module got the below splat, when in the DT provided to the system under test the '#power-domain-cells' property was missing. Indeed, this particular setup causes the probe to bail out early without giving any error, which leads to the ->remove() callback gets to run too, but without all the expected initialized structures in place.
Add a check and bail out early on remove too.
Call trace: scmi_perf_domain_remove+0x28/0x70 [scmi_perf_domain]
scmi_dev_remove+0x28/0x40 [scmi_core]
device_remove+0x54/0x90 device_release_driver_internal+0x1dc/0x240 driver_detach+0x58/0xa8 bus_remove_driver+0x78/0x108 driver_unregister+0x38/0x70 scmi_driver_unregister+0x28/0x180 [scmi_core]
scmi_perf_domain_driver_exit+0x18/0xb78 [scmi_perf_domain]
__arm64_sys_delete_module+0x1a8/0x2c0 invoke_syscall+0x50/0x128 el0_svc_common.constprop.0+0x48/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x34/0xb8 el0t_64_sync_handler+0x100/0x130 el0t_64_sync+0x190/0x198 Code: a90153f3 f9403c14 f9414800 955f8a05 (b9400a80) ---[ end trace 0000000000000000 ]---
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 08/07/2025
The vulnerability CVE-2024-26784 represents a critical null pointer dereference issue within the Linux kernel's SCMI (System Control and Management Interface) performance domain subsystem specifically affecting ARM architectures. This flaw manifests during the dynamic unloading of the scmi_perf_domain kernel module when the device tree configuration lacks the required '#power-domain-cells' property. The issue stems from improper error handling during the module's probe phase, where the system fails to initialize all necessary data structures before proceeding to the removal callback, creating a scenario where subsequent cleanup operations attempt to access uninitialized memory references.
The technical implementation of this vulnerability involves the SCMI performance domain driver's failure to validate preconditions during module removal operations. When the device tree configuration is incomplete, specifically missing the '#power-domain-cells' property, the probe function terminates early without proper initialization of internal data structures. However, the removal callback executes regardless, attempting to dereference pointers that were never properly allocated or configured. This creates a classic null pointer dereference condition that can lead to system crashes or potential privilege escalation opportunities. The call trace demonstrates this execution path through the SCMI core subsystem, showing how the removal sequence flows from scmi_perf_domain_remove through scmi_dev_remove to the standard device removal mechanisms before ultimately reaching the module deletion system call.
From an operational perspective, this vulnerability poses significant risks to embedded systems and ARM-based platforms that rely on SCMI for power management and performance control. The impact extends beyond simple system instability to potentially enable denial of service attacks or, in more sophisticated scenarios, privilege escalation attacks that could allow malicious actors to gain elevated system privileges. The vulnerability affects systems where dynamic module loading and unloading occurs, particularly in environments where device tree configurations may be incomplete or malformed due to development errors, deployment inconsistencies, or malicious tampering. According to CWE classification, this represents a CWE-476: NULL Pointer Dereference, which is a well-established weakness that frequently leads to system instability and security exploitation in kernel space components. The ATT&CK framework categorizes this under T1068: Exploitation for Privilege Escalation and T1499: Endpoint Denial of Service, as the vulnerability can be leveraged to disrupt system operations or gain unauthorized access to privileged execution contexts.
Mitigation strategies for CVE-2024-26784 require immediate patch application from the Linux kernel security team, which implements a straightforward but critical fix involving early validation checks within the remove callback function. System administrators should ensure all device tree configurations include the required '#power-domain-cells' property to prevent the initial probe failure that triggers this condition. Additionally, implementing proper module lifecycle management and error handling protocols can help prevent similar issues in other kernel subsystems. Organizations should conduct comprehensive testing of device tree configurations in staging environments to identify and resolve missing properties before deployment to production systems. The fix specifically addresses the root cause by adding validation checks that prevent the removal callback from executing when the necessary initialization has not occurred, thereby preventing the null pointer dereference condition that would otherwise occur during module unloading operations.