| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.9 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Linux Kernel up to 6.7.8. Affected by this vulnerability is an unknown functionality of the component fsl-qdma. Performing a manipulation results in initialization. This vulnerability is reported as CVE-2024-26788. No exploit exists. It is suggested to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.7.8. This affects an unknown code of the component fsl-qdma. The manipulation with an unknown input leads to a initialization vulnerability. CWE is classifying the issue as CWE-665. The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. The impact remains unknown. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before it is ready to and cause panic with the following trace: Call trace: fsl_qdma_queue_handler+0xf8/0x3e8 __handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78 handle_fasteoi_irq+0xc8/0x178 generic_handle_irq+0x24/0x38 __handle_domain_irq+0x90/0x100 gic_handle_irq+0x5c/0xb8 el1_irq+0xb8/0x180 _raw_spin_unlock_irqrestore+0x14/0x40 __setup_irq+0x4bc/0x798 request_threaded_irq+0xd8/0x190 devm_request_threaded_irq+0x74/0xe8 fsl_qdma_probe+0x4d4/0xca8 platform_drv_probe+0x50/0xa0 really_probe+0xe0/0x3f8 driver_probe_device+0x64/0x130 device_driver_attach+0x6c/0x78 __driver_attach+0xbc/0x158 bus_for_each_dev+0x5c/0x98 driver_attach+0x20/0x28 bus_add_driver+0x158/0x220 driver_register+0x60/0x110 __platform_driver_register+0x44/0x50 fsl_qdma_driver_init+0x18/0x20 do_one_initcall+0x48/0x258 kernel_init_freeable+0x1a4/0x23c kernel_init+0x10/0xf8 ret_from_fork+0x10/0x18
It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2024-26788 since 02/19/2024. The exploitability is told to be difficult. The technical details are unknown and an exploit is not publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 248407 (Linux Distros Unpatched Vulnerability : CVE-2024-26788), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 5.4.271, 5.10.212, 5.15.151, 6.1.81, 6.6.21, 6.7.9 or 6.8 eliminates this vulnerability. Applying the patch 3cc5fb824c21/9579a21e99fe/4529c084a320/474d521da890/a69c8bbb9469/677102a93064/87a39071e0b6 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (248407) and CERT Bund (WID-SEC-2024-0773). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Affected
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- IBM InfoSphere Guardium
- Oracle Linux
- NetApp FAS
- EMC Avamar
- Oracle VM
- NetApp AFF
- Dell NetWorker
- IBM Security Guardium
- RESF Rocky Linux
- Open Source Linux Kernel
- SolarWinds Security Event Manager
- Broadcom Brocade SANnav
- IBM Business Automation Workflow
- IBM Spectrum Protect Plus
- IBM QRadar SIEM
- Juniper Junos Space
- IBM DB2
- IBM Storage Scale System
Product
Type
Vendor
Name
Version
- 5.4.270
- 5.10.211
- 5.15.150
- 6.1.0
- 6.1.1
- 6.1.2
- 6.1.3
- 6.1.4
- 6.1.5
- 6.1.6
- 6.1.7
- 6.1.8
- 6.1.9
- 6.1.10
- 6.1.11
- 6.1.12
- 6.1.13
- 6.1.14
- 6.1.15
- 6.1.16
- 6.1.17
- 6.1.18
- 6.1.19
- 6.1.20
- 6.1.21
- 6.1.22
- 6.1.23
- 6.1.24
- 6.1.25
- 6.1.26
- 6.1.27
- 6.1.28
- 6.1.29
- 6.1.30
- 6.1.31
- 6.1.32
- 6.1.33
- 6.1.34
- 6.1.35
- 6.1.36
- 6.1.37
- 6.1.38
- 6.1.39
- 6.1.40
- 6.1.41
- 6.1.42
- 6.1.43
- 6.1.44
- 6.1.45
- 6.1.46
- 6.1.47
- 6.1.48
- 6.1.49
- 6.1.50
- 6.1.51
- 6.1.52
- 6.1.53
- 6.1.54
- 6.1.55
- 6.1.56
- 6.1.57
- 6.1.58
- 6.1.59
- 6.1.60
- 6.1.61
- 6.1.62
- 6.1.63
- 6.1.64
- 6.1.65
- 6.1.66
- 6.1.67
- 6.1.68
- 6.1.69
- 6.1.70
- 6.1.71
- 6.1.72
- 6.1.73
- 6.1.74
- 6.1.75
- 6.1.76
- 6.1.77
- 6.1.78
- 6.1.79
- 6.1.80
- 6.6.0
- 6.6.1
- 6.6.2
- 6.6.3
- 6.6.4
- 6.6.5
- 6.6.6
- 6.6.7
- 6.6.8
- 6.6.9
- 6.6.10
- 6.6.11
- 6.6.12
- 6.6.13
- 6.6.14
- 6.6.15
- 6.6.16
- 6.6.17
- 6.6.18
- 6.6.19
- 6.6.20
- 6.7.0
- 6.7.1
- 6.7.2
- 6.7.3
- 6.7.4
- 6.7.5
- 6.7.6
- 6.7.7
- 6.7.8
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.0VulDB Meta Temp Score: 4.9
VulDB Base Score: 4.6
VulDB Temp Score: 4.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: InitializationCWE: CWE-665
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 248407
Nessus Name: Linux Distros Unpatched Vulnerability : CVE-2024-26788
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 5.4.271/5.10.212/5.15.151/6.1.81/6.6.21/6.7.9/6.8
Patch: 3cc5fb824c21/9579a21e99fe/4529c084a320/474d521da890/a69c8bbb9469/677102a93064/87a39071e0b6
Timeline
02/19/2024 🔍04/04/2024 🔍
04/04/2024 🔍
08/12/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2024-26788 (🔍)
GCVE (CVE): GCVE-0-2024-26788
GCVE (VulDB): GCVE-100-259347
CERT Bund: WID-SEC-2024-0773 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 04/04/2024 15:03Updated: 08/12/2025 11:56
Changes: 04/04/2024 15:03 (56), 11/05/2024 13:36 (1), 04/02/2025 05:54 (11), 08/04/2025 00:36 (7), 08/12/2025 11:56 (2)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

No comments yet. Languages: en.
Please log in to comment.