In the Linux kernel, a vulnerability has been resolved regarding some clocks that were missing from axg_clk_regmaps. This issue caused a kernel panic during the execution of cat /sys/kernel/debug/clk/clk_summary. This post will provide details about the vulnerability, including a code snippet, links to original references, and exploit details.

The Linux kernel is responsible for managing the hardware and software resources in a computer system, such as memory, processors, and devices. One of these resources is the clock, which is essential to keep the hardware components in sync and regulate various system operations.

The vulnerability in question was caused by the omission of a few required clocks in the axg_clk_regmaps structure. As a result, a kernel panic was triggered when running the command cat /sys/kernel/debug/clk/clk_summary, which displays a summary of all clocks in the system. The panic would display an error message similar to the following:

Unable to handle kernel NULL pointer dereference at virtual address 00000000000001fc
...

This issue has been resolved by adding the missing clocks to axg_clk_regmaps, thus preventing the kernel panic from happening. The commit that fixes the vulnerability can be found here. The patch was submitted by Jerome Brunet and has been applied to the mainline Linux kernel.

To summarize, the CVE-2024-26879 vulnerability in the Linux kernel has been resolved by adding the missing clocks to the axg_clk_regmaps structure. This has helped prevent kernel panics when running cat /sys/kernel/debug/clk/clk_summary. It is recommended that users update their Linux kernel to a version containing this fix to avoid potential issues due to this vulnerability.

Timeline

Published on: 04/17/2024 11:15:09 UTC
Last modified on: 05/29/2024 05:24:21 UTC