CVE-2024-26966: Fixing the Vulnerability in Linux Kernel's Frequency Table Arrays

A new vulnerability (CVE-2024-26966) has been discovered and resolved in the Linux kernel. This vulnerability affects the clock (clk) subsystem in the Qualcomm (qcom) multimedia clock controller (mmcc) for the APQ8084 chipset. The issue arises from improper termination of frequency table arrays, which can lead to potential out-of-bound access when traversed by certain functions. This article will explore the details of the vulnerability, provide a code snippet illustrating the fix, and offer links to the original references for further information.

Vulnerability Details

The vulnerability stems from the omission of an empty entry at the end of the frequency table arrays, which should act as a sentinel value. Navigating through these arrays without proper termination can cause out-of-bound access when functions, such as qcom_find_freq() or qcom_find_freq_floor(), are called upon. This can lead to undesired behaviors and compromises in the system's stability and security.

Code Snippet

The following code snippet shows the fix implemented to the clk-qcom-mmcc-apq8084.c source file to add the missing sentinel value, thereby mitigating the vulnerability:

static const struct freq_tbl ftbl_gcc_gpu_tbl[] = {
    F( 27000000,  HFPLL, 1, , ),
    F( 48000000,  P_PLL, 1, , ),
    F(600000000,  P_PLL, 2.5, 1, 1),
    F( 70000000,  HFPLL, 2.5, 2, 1),
    /* Add sentinel value */
    { }
};

In this example, the missing sentinel value is added at the end of the 'ftbl_gcc_gpu_tbl' frequency table array using the '{ }' notation. This ensures that the array is correctly terminated, preventing any out-of-bound access when functions like 'qcom_find_freq()' or 'qcom_find_freq_floor()' traverse the array.

The vulnerability and the proposed fix have been reported and discussed in the following resources

1. Linux Kernel Mailing List (LKML) discussion
2. Linux Kernel Git commit

Important Note

This fix has been compile-tested, meaning that it has been verified to compile and integrate into the Linux kernel without any issues. However, it is crucial to thoroughly test the functionality and stability of the system after applying the fix, as unforeseen issues and incompatibilities might still arise.

Conclusion

The CVE-2024-26966 vulnerability in the Linux kernel highlights the importance of properly terminating frequency table arrays to prevent potential out-of-bound access and maintain system stability. By implementing the provided fix and properly testing the system, users can successfully address this issue and secure their kernel against possible exploits or crashes related to this vulnerability.

Timeline

Published on: 05/01/2024 06:15:12 UTC
Last modified on: 06/27/2024 12:15:23 UTC