CVE-2024-26970 in Linuxinfo

Summary

by MITRE • 05/01/2024

In the Linux kernel, the following vulnerability has been resolved:

clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays

The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor().

Only compile tested.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 02/06/2026

The vulnerability CVE-2024-26970 represents a critical memory safety issue within the Qualcomm GCC IPQ6018 clock driver implementation in the Linux kernel. This flaw exists in the handling of frequency table arrays that are used to manage clock frequencies for various hardware components in Qualcomm SoCs. The vulnerability stems from improper array termination where the frequency table arrays lack the required sentinel element that should mark the end of the table structure. According to CWE-129, this represents an implementation flaw that allows for out-of-bounds memory access when traversing array structures, specifically affecting the qcom_find_freq() and qcom_find_freq_floor() functions that iterate through these tables. The issue is particularly concerning in embedded systems and mobile devices where the Linux kernel manages critical hardware clocking operations for processors, memory controllers, and peripheral devices.

The technical execution of this vulnerability occurs when the kernel attempts to traverse frequency table arrays to locate specific frequency values or find the closest matching frequency. Without the proper terminating element, these traversal functions may continue reading beyond the allocated array boundaries, potentially accessing invalid memory locations or corrupting adjacent data structures. The qcom_find_freq() and qcom_find_freq_floor() functions are designed to search through predefined frequency tables to determine appropriate clock speeds for hardware components, but the missing termination entry causes these functions to read past the intended array limits. This behavior aligns with ATT&CK technique T1059.008 where adversaries might exploit memory corruption vulnerabilities to execute arbitrary code or cause system instability. The vulnerability affects systems using the Qualcomm IPQ6018 SoC platform where clock management is critical for system stability and performance optimization.

The operational impact of this vulnerability extends beyond simple memory corruption to potentially compromise system stability and security. When frequency table arrays are improperly terminated, the kernel's clock management subsystem could experience unpredictable behavior including system crashes, memory corruption, or denial of service conditions that affect device functionality. The vulnerability particularly impacts devices running Linux kernels on Qualcomm IPQ6018 platforms, which include various networking equipment, wireless routers, and embedded systems. An attacker who can influence the clock management functions or trigger specific conditions that cause frequency table traversal could potentially exploit this vulnerability to cause system instability or in some cases achieve privilege escalation. The issue is classified as a memory safety vulnerability that affects the kernel's ability to properly manage hardware resources, which could be leveraged in advanced persistent threat scenarios where attackers seek to maintain long-term access to affected systems.

Mitigation strategies for CVE-2024-26970 should focus on applying the official kernel patch that adds the missing termination elements to all frequency table arrays within the Qualcomm GCC IPQ6018 driver. System administrators should prioritize updating affected kernel versions to those containing the fix, particularly for devices running on Qualcomm IPQ6018 platforms that rely on proper clock management for system operation. The patch implementation follows standard kernel security practices for array boundary validation and memory safety, ensuring that all frequency table traversals include proper termination checks. Organizations should also implement monitoring for unusual system behavior or kernel panic events that might indicate memory corruption from this vulnerability. Additionally, security teams should consider the broader context of clock management vulnerabilities in embedded systems and evaluate whether similar issues exist in other hardware driver implementations within their infrastructure. The fix addresses the root cause by ensuring proper array termination as required by kernel security standards and prevents potential exploitation through out-of-bounds memory access patterns that could be leveraged for privilege escalation or system compromise.

Sources

Want to know what is going to be exploited?

We predict KEV entries!