CVE-2024-26968 in Linuxinfo

Summary

by MITRE • 05/01/2024

In the Linux kernel, the following vulnerability has been resolved:

clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays

The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor().

Only compile tested.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 02/06/2026

The vulnerability CVE-2024-26968 represents a critical memory safety issue within the Qualcomm General Clock (GCC) driver for the ipq9574 platform in the Linux kernel. This flaw manifests in the improper termination of frequency table arrays, which are essential data structures used to manage clock frequencies within the system. The root cause stems from missing sentinel entries at the end of these arrays, creating potential for out-of-bounds memory access during traversal operations. The affected driver components include qcom_find_freq() and qcom_find_freq_floor() functions that iterate through these frequency tables to locate appropriate clock settings for various hardware components. Without proper termination elements, these functions may continue accessing memory beyond the intended array boundaries, potentially leading to system instability or exploitation opportunities.

The technical implementation of this vulnerability involves the clock management subsystem where frequency tables define valid clock rates for different hardware modules. These tables should conclude with a special terminating element that signals the end of valid entries, typically represented as an empty or zero-valued entry. When this termination is absent, the traversal functions cannot reliably determine where the valid data ends, resulting in potential memory corruption. The issue specifically affects the Qualcomm ipq9574 platform, which is commonly found in wireless networking devices and embedded systems requiring precise clock management. The vulnerability falls under the category of buffer over-read conditions, which are classified as CWE-129 in the Common Weakness Enumeration system and represent a fundamental memory safety concern that can lead to unpredictable behavior and potential privilege escalation.

The operational impact of CVE-2024-26968 extends beyond simple memory corruption, as it could enable attackers to manipulate system clock configurations and potentially disrupt device functionality. In embedded systems and networking equipment, such vulnerabilities may allow adversaries to cause denial of service conditions or create opportunities for privilege escalation. The ATT&CK framework categorizes this vulnerability under the T1059.007 technique for "Command and Scripting Interpreter: PowerShell" and T1547.001 for "Registry Run Keys / Startup Folder" when considering potential exploitation paths through system-level clock manipulation. The vulnerability affects systems where the qcom_gcc driver is loaded and actively manages clock frequencies, particularly those implementing the ipq9574 SoC architecture. Given that this is a kernel-level issue, the impact is significant as it operates at the core of system functionality, potentially affecting device boot processes, network connectivity, and overall system stability.

Mitigation strategies for CVE-2024-26968 focus primarily on applying the upstream kernel patch that ensures proper termination of frequency table arrays with sentinel entries. System administrators should prioritize updating their kernel versions to include this fix, particularly in production environments running Qualcomm ipq9574-based hardware. The patch implementation involves adding the missing terminating element to all affected frequency tables within the qcom_gcc driver codebase. Organizations should also conduct thorough testing of updated kernels to ensure compatibility with existing hardware configurations and network services. Additionally, monitoring systems should be configured to detect unusual clock behavior patterns that might indicate exploitation attempts. Security teams should consider implementing runtime protections such as kernel address space layout randomization and stack canaries to provide additional defense-in-depth measures. Regular vulnerability assessments and kernel updates remain crucial for maintaining system integrity, particularly in environments where these devices are deployed in critical infrastructure roles where reliability and security are paramount considerations.

Reservation

02/19/2024

Disclosure

05/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00224

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!