CVE-2024-26788 in Linuxinfo

Summary

by MITRE • 04/04/2024

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: fsl-qdma: init irq after reg initialization

Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before it is ready to and cause panic with the following trace:

Call trace: fsl_qdma_queue_handler+0xf8/0x3e8 __handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78 handle_fasteoi_irq+0xc8/0x178 generic_handle_irq+0x24/0x38 __handle_domain_irq+0x90/0x100 gic_handle_irq+0x5c/0xb8 el1_irq+0xb8/0x180 _raw_spin_unlock_irqrestore+0x14/0x40 __setup_irq+0x4bc/0x798 request_threaded_irq+0xd8/0x190 devm_request_threaded_irq+0x74/0xe8 fsl_qdma_probe+0x4d4/0xca8 platform_drv_probe+0x50/0xa0 really_probe+0xe0/0x3f8 driver_probe_device+0x64/0x130 device_driver_attach+0x6c/0x78 __driver_attach+0xbc/0x158 bus_for_each_dev+0x5c/0x98 driver_attach+0x20/0x28 bus_add_driver+0x158/0x220 driver_register+0x60/0x110 __platform_driver_register+0x44/0x50 fsl_qdma_driver_init+0x18/0x20 do_one_initcall+0x48/0x258 kernel_init_freeable+0x1a4/0x23c kernel_init+0x10/0xf8 ret_from_fork+0x10/0x18

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 08/12/2025

The vulnerability described in CVE-2024-26788 affects the Linux kernel's Freescale QDMA (Queue Direct Memory Access) driver implementation. This issue stems from a timing problem during device initialization where interrupt handling occurs before the hardware registers are properly configured. The flaw manifests when a secondary kernel instance attempts to initialize the QDMA device, causing interrupts that were pending from a previous kernel instance to be processed before the interrupt handler is fully initialized. This premature interrupt processing results in system panic and potential kernel crashes, as demonstrated by the call trace showing execution path through the fsl_qdma_queue_handler function and subsequent interrupt handling routines.

The technical root cause of this vulnerability lies in the improper sequence of initialization operations within the fsl_qdma_probe function. Specifically, the driver attempts to request and configure interrupt handlers before completing the register initialization phase. This violates fundamental principles of device driver development where hardware resources must be fully configured before enabling interrupt processing. The issue represents a classic race condition scenario where the interrupt controller may generate events during the initialization window, and these events are not properly buffered or deferred until the handler is ready to process them. According to CWE-362, this vulnerability maps to a race condition in interrupt handling, while the ATT&CK framework would classify this under T1059.003 for system execution and potentially T1547.001 for privilege escalation if the panic leads to system instability.

The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise system stability in embedded and real-time environments where QDMA functionality is critical. Systems utilizing Freescale QDMA controllers, particularly those running Linux kernels with affected versions, may experience unexpected reboots or system hangs during device initialization phases. The vulnerability is particularly concerning in automotive, industrial control, and networking applications where reliable interrupt handling is essential for proper system operation. The panic condition occurs specifically during the device probe phase, making it a critical issue for systems that dynamically load or reload device drivers. This vulnerability could be exploited by malicious actors to cause denial of service attacks or potentially leverage the system instability for privilege escalation in certain configurations.

Mitigation strategies for this vulnerability involve ensuring proper initialization sequence ordering within the driver implementation, specifically by moving interrupt initialization to occur after register configuration is complete. System administrators should update to kernel versions that contain the patched implementation where the interrupt handling is deferred until after the hardware registers are fully initialized. The fix implemented in the patch ensures that device resources are properly configured before enabling interrupt processing, eliminating the race condition window. Additionally, organizations should implement proper kernel update policies and monitoring for embedded systems that may not receive automatic updates. The vulnerability demonstrates the importance of proper device driver initialization sequences and proper interrupt handling in kernel space, aligning with security best practices outlined in the Linux kernel security documentation and industry standards for embedded system development.

Reservation

02/19/2024

Disclosure

04/04/2024

Moderation

accepted

CPE

ready

EPSS

0.00226

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!