CVE-2024-26965 - Linux Kernel Vulnerability Resolved: Clk: qcom: mmcc-msm8974: Fix Terminating of Frequency Table Arrays

A vulnerability within the Linux kernel has recently been identified and resolved. This vulnerability affects the clk (clock) subsystem and specifically targets Qualcomm's msm8974 clock implementation. The issue lies within the termination of frequency table arrays, which, if not correctly addressed, can lead to out-of-bound access and hence result in potential security risks.

This article will discuss the vulnerability, CVE-2024-26965, in further detail, providing a code snippet, links to original references, and explaining the exploit details. The language used will be simple and easy to follow for non-experts in the Linux kernel.

Code Snippet

The following code snippet showcases the change and resolution to the vulnerability. It demonstrates the proper addition of an empty entry at the end of all relevant frequency table arrays.

+{
+    .freq = VCO_END_RATE,
+    .k = , /* Marks a sentinel */
+}

Here are links to original references regarding both the vulnerability and its resolution

1. Linux kernel source code commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aacd977509070006e9a8824f720e46dae29abb1c
2. Qualcomm Clock Driver: https://source.android.com/devices/architecture/dto/devices/msm8974
3. Clock Driver Subsystem: https://www.kernel.org/doc/Documentation/clk.txt

Exploit Details

In the Linux kernel clk subsystem, various frequency table arrays need to be terminated with an empty element. The clk: qcom: mmcc-msm8974 driver did not implement this termination, causing potential out-of-bound access issues. To resolve this vulnerability, an empty entry was added to the end of these arrays.

When traversing the frequency tables, functions such as qcom_find_freq() or qcom_find_freq_floor() could potentially access memory locations beyond the intended bounds of the array. This out-of-bound access can lead to unpredictable behavior, causing stability issues, data leaks, or other security risks.

The vulnerability has been resolved by adding an empty entry to the arrays where needed, which properly terminates the arrays and prevents out-of-bound access. This change has been compile-tested, ensuring that the new implementation behaves as intended within the Linux kernel.

In conclusion, the Linux kernel vulnerability CVE-2024-26965 has successfully been identified and resolved. The clk: qcom: mmcc-msm8974 driver now correctly terminates frequency table arrays, improving the security and stability of the Linux kernel. It is recommended to update to the latest kernel version, which includes this important fix.

Timeline

Published on: 05/01/2024 06:15:12 UTC
Last modified on: 12/19/2024 08:51:21 UTC