CVE-2024-26965 in Linuxinfo

Summary

by MITRE • 05/01/2024

In the Linux kernel, the following vulnerability has been resolved:

clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays

The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor().

Only compile tested.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 01/26/2026

The vulnerability identified as CVE-2024-26965 affects the Linux kernel's clock management subsystem, specifically within the Qualcomm multimedia clock controller driver for msm8974 platforms. This issue resides in the clk_qcom_mmcc driver implementation where frequency table arrays lack proper termination elements. The root cause stems from improper array boundary handling in the clock frequency management code that processes hardware clock configurations. When the kernel attempts to traverse these frequency tables using functions such as qcom_find_freq() or qcom_find_freq_floor(), the absence of terminating array elements creates a risk of out-of-bounds memory access patterns that could lead to system instability or potential exploitation.

The technical flaw manifests as a missing sentinel element at the end of frequency table arrays within the Qualcomm multimedia clock controller implementation. According to common security practices and the CWE taxonomy, this represents a CWE-129: Improper Validation of Array Index vulnerability where array bounds are not properly validated during traversal operations. The vulnerability occurs because the qcom_find_freq() and qcom_find_freq_floor() functions iterate through these arrays without proper boundary checks, assuming the presence of a terminating element that should logically end each table. This design flaw allows for potential memory corruption when the traversal logic encounters the actual end of the array data, leading to unauthorized memory access patterns that could be exploited by malicious actors.

The operational impact of this vulnerability extends across all Linux kernel versions that incorporate the affected Qualcomm multimedia clock controller driver, particularly impacting devices running on msm8974 platform architectures. Systems utilizing Qualcomm-based hardware with multimedia clock controllers are susceptible to potential denial of service conditions or memory corruption issues that could result in system crashes or unpredictable behavior. The vulnerability affects the kernel's ability to properly manage clock frequencies for multimedia components, potentially causing audio, video, or graphics processing failures. Given that this is a kernel-level issue, the implications could be severe for embedded systems, mobile devices, and automotive platforms that rely on Qualcomm chipsets. The vulnerability falls under ATT&CK technique T1068: Exploitation for Privilege Escalation, as memory corruption in kernel space could potentially be leveraged for privilege escalation or system compromise.

Mitigation strategies for CVE-2024-26965 focus primarily on applying the kernel patch that properly terminates the frequency table arrays with empty elements. System administrators should prioritize updating their kernel versions to include the fix, particularly those running Qualcomm msm8974 platform devices. The patch implementation involves adding a proper terminating entry to each frequency table array where it was previously missing, ensuring that traversal functions encounter a well-defined boundary condition. Additionally, monitoring for unusual system behavior or kernel panics in affected systems can help identify potential exploitation attempts. Organizations should also consider implementing kernel lockdown mechanisms and ensuring that only trusted code executes with kernel privileges. The fix aligns with secure coding practices recommended by the CERT/CC and follows the principle of least privilege in kernel space operations. Regular kernel updates and security assessments should be maintained to prevent similar issues in other driver components that might exhibit similar array boundary handling vulnerabilities.

Reservation

02/19/2024

Disclosure

05/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00260

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!