CVE-2024-26967 in Linuxinfo

Summary

by MITRE • 05/01/2024

In the Linux kernel, the following vulnerability has been resolved:

clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays

The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor().

Only compile tested.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 02/06/2026

The vulnerability CVE-2024-26967 addresses a critical memory safety issue within the Qualcomm camera clock controller driver of the Linux kernel. This flaw exists in the sc8280xp platform variant and specifically affects how frequency table arrays are managed within the clock subsystem. The vulnerability stems from improper array termination, which creates potential for out-of-bounds memory access when the kernel attempts to traverse these tables during clock frequency operations.

The technical root cause of this vulnerability lies in the missing termination element within frequency table arrays used by the Qualcomm camera clock controller. According to the Common Weakness Enumeration framework, this represents a CWE-129: Improper Validation of Array Index, which occurs when array indices are not properly validated before access. The affected functions qcom_find_freq() and qcom_find_freq_floor() perform linear traversal of these arrays without proper bounds checking, as the arrays are not terminated with an empty element as expected by the kernel's clock management subsystem.

The operational impact of this vulnerability extends beyond simple memory corruption, as it could potentially enable privilege escalation or denial of service conditions within the kernel space. When these functions attempt to iterate through frequency tables, the absence of proper termination can cause the traversal logic to read beyond allocated memory boundaries, potentially accessing invalid memory locations or corrupting adjacent data structures. This type of out-of-bounds access aligns with ATT&CK technique T1068: Exploitation for Privilege Escalation, as kernel-level memory corruption can provide attackers with opportunities to gain elevated privileges.

The fix implemented for CVE-2024-26967 involves adding the missing termination entry to frequency table arrays where it was previously absent. This ensures that all arrays properly terminate with an empty element, preventing the traversal functions from accessing memory beyond the intended table boundaries. The solution follows established kernel development practices for array management and adheres to the principle of defensive programming. The vulnerability was identified and resolved through compile-time testing, indicating that the fix maintains backward compatibility while addressing the memory safety issue. The resolution demonstrates the importance of proper array termination in kernel drivers, particularly in clock management subsystems where precise memory access patterns are critical for system stability and security.

This vulnerability highlights the broader challenges in kernel security where seemingly minor implementation details can lead to significant security implications. The fix exemplifies the importance of adhering to kernel coding standards and proper array handling practices. The issue affects Qualcomm-based platforms, particularly those using the sc8280xp SoC, making it relevant to mobile devices, embedded systems, and other platforms relying on this specific clock controller implementation. The vulnerability underscores the necessity of comprehensive testing and code review processes in kernel development to identify and address memory safety issues before they can be exploited in production environments.

Reservation

02/19/2024

Disclosure

05/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00193

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!