CVE-2024-26966 in Linuxinfo

Summary

by MITRE • 05/01/2024

In the Linux kernel, the following vulnerability has been resolved:

clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays

The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor().

Only compile tested.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 02/06/2026

The vulnerability identified as CVE-2024-26966 affects the Linux kernel's clock management subsystem, specifically within the Qualcomm multimedia clock controller driver for the apq8084 platform. This issue resides in the clk_qcom_mmcc_apq8084 driver implementation where frequency table arrays lack proper termination elements. The problem manifests when the kernel attempts to traverse these arrays using functions such as qcom_find_freq() or qcom_find_freq_floor() which expect a sentinel value to indicate the end of the table. Without this termination element, the traversal logic continues beyond the intended array boundaries, creating a potential out-of-bounds memory access condition that could lead to system instability or exploitation.

The technical flaw represents a classic buffer overread vulnerability that aligns with CWE-129, which deals with insufficient bounds checking of array indices. This particular implementation error occurs in the Qualcomm multimedia clock controller driver where the frequency tables are not properly terminated with empty elements as required by the driver's traversal algorithms. The missing termination entries create a scenario where the qcom_find_freq() and qcom_find_freq_floor() functions may access memory locations beyond the allocated array bounds, potentially reading invalid memory or corrupting adjacent data structures. This type of vulnerability falls under the ATT&CK technique T1068, which involves exploiting local system privileges to achieve code execution or system compromise through improper memory management.

The operational impact of this vulnerability extends beyond simple memory corruption, as it affects the kernel's ability to properly manage clock frequencies on Qualcomm-based devices running the affected Linux kernel versions. When the clock management subsystem attempts to find specific frequency values, the missing termination elements could cause the system to access arbitrary memory locations, potentially leading to kernel crashes, data corruption, or in severe cases, privilege escalation attacks. The vulnerability is particularly concerning in embedded systems and mobile devices where the multimedia clock controller manages critical hardware components such as GPUs, displays, and audio processing units. The fix requires adding proper termination entries to the frequency table arrays, ensuring that all arrays are properly terminated with empty elements that serve as sentinels for the traversal functions.

The resolution approach for CVE-2024-26966 involves implementing proper array termination by adding empty elements to the end of frequency table arrays where they are currently missing. This change ensures that functions like qcom_find_freq() and qcom_find_freq_floor() can properly identify the end of the array without attempting to access memory beyond the allocated bounds. The fix is classified as a defensive programming improvement that aligns with secure coding practices and follows industry standards for memory management in kernel space. The vulnerability demonstrates the importance of proper array bounds checking and termination in kernel drivers, particularly those managing critical hardware resources such as clock controllers. The compilation testing mentioned in the description indicates that the fix has been validated within the kernel build environment, ensuring that the modification does not introduce new compilation errors or break existing functionality while properly addressing the out-of-bounds access issue.

Reservation

02/19/2024

Disclosure

05/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00251

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!