A recently resolved vulnerability in the Linux kernel, CVE-2024-26968, has garnered attention within the cybersecurity community. It is located in the clk: qcom: gcc-ipq9574 subsystem and could lead to out-of-bound access when the frequency table arrays are traversed. This post covers the details of the vulnerability, including a code snippet and links to the original references.

Vulnerability Details

The frequency table arrays in the clk: qcom: gcc-ipq9574 subsystem of the Linux kernel are meant to be terminated with an empty element. Some arrays were missing this empty terminating entry. Because qcom_find_freq() and qcom_find_freq_floor() walk a table until they reach the empty element, traversing one of these unterminated arrays could lead to out-of-bound access.

Code Snippet

The following code snippet demonstrates the addition of the missing empty entry to terminate frequency table arrays, which effectively resolves the vulnerability.

static const struct freq_tbl ftbl_gcc_usb30_master_clk_src[] = {
	F(19200000, -1, 1, ),
	F(100000000, LPASS_XO, 5, ),
	F(125000000, GND_CXO, 2, 2),
	F_END	/* empty entry that terminates the table */
};

static const struct freq_tbl ftbl_gcc_bimc_gpu_clk_src[] = {
	F(100000000, LPASS_XO, 3, 2),
	F(200000000, GND_CXO, 2, 1),
	F(266600000, GND_XO1, -1, ),
	F_END	/* empty entry that terminates the table */
};

The addition of F_END at the end of each frequency table array serves to properly terminate the arrays, fixing the vulnerability and avoiding out-of-bound access when the table is traversed using the aforementioned functions.
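The following user-space model is an added example, not code from the kernel or from the original post. It shows a sentinel-terminated walk next to a bounded check that detects a table without the empty entry. The struct layout, table values and the names find_freq_sentinel, tbl_is_terminated and find_freq_checked are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified stand-in for the kernel's struct freq_tbl (layout is an assumption). */
struct freq_tbl {
	unsigned long freq;     /* 0 marks the empty terminating entry */
	unsigned char src, pre_div;
};
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample tables; the values are illustrative only. */
static const struct freq_tbl tbl_terminated[] = {
	{ 24000000, 0, 1 }, { 100000000, 1, 5 }, { 200000000, 1, 3 },
	{ 0, 0, 0 },            /* empty sentinel */
};
static const struct freq_tbl tbl_unterminated[] = {
	{ 24000000, 0, 1 }, { 100000000, 1, 5 },  /* sentinel missing */
};

/* Sentinel walk: stops only at freq == 0, so it is safe only on terminated tables. */
const struct freq_tbl *find_freq_sentinel(const struct freq_tbl *f, unsigned long rate)
{
	if (!f || !f->freq)
		return f;
	for (; f->freq; f++)
		if (rate <= f->freq)
			return f;
	return f - 1;           /* rate above every entry: use the fastest */
}

/* Bounded check: 1 if a sentinel exists within the n declared entries. */
int tbl_is_terminated(const struct freq_tbl *t, size_t n)
{
	for (size_t i = 0; t && i < n; i++)
		if (t[i].freq == 0)
			return 1;
	return 0;
}

/* Guarded lookup: never starts the sentinel walk on an unterminated table. */
const struct freq_tbl *find_freq_checked(const struct freq_tbl *t, size_t n, unsigned long rate)
{
	return tbl_is_terminated(t, n) ? find_freq_sentinel(t, rate) : NULL;
}

int main(void)
{
	printf("%d %d\n", tbl_is_terminated(tbl_terminated, ARRAY_SIZE(tbl_terminated)),
	       tbl_is_terminated(tbl_unterminated, ARRAY_SIZE(tbl_unterminated)));
	return 0;
}
```

The bounded check relies on ARRAY_SIZE, so it only works where the array definition is in scope. This is the kind of check that fits a unit test or a build-time audit of the table definitions.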

Original References

To learn more about this vulnerability and its resolution, you can consult the following original sources:

1. Linux kernel Git repository, which contains the source code for the Linux kernel, where you can find the vulnerable code and the patch that addresses the issue: Linux kernel source code
2. LKML (Linux Kernel Mailing List), where kernel developers discuss Linux kernel developments and patches: LKML.org
3. The official CVE entry that provides additional information about the vulnerability: CVE-2024-26968 in the National Vulnerability Database

Conclusion

Addressing the CVE-2024-26968 vulnerability in the clk: qcom: gcc-ipq9574 subsystem of the Linux kernel is an essential step in ensuring a secure system. By properly terminating the frequency table arrays by adding the missing empty entry at the end, Linux kernel developers have mitigated the possibility of out-of-bound access when traversing these arrays with specific functions. It is crucial to stay informed about such vulnerability resolutions, apply necessary patches, and maintain a proactive approach to enhance the security of your systems.

Timeline

Published on: 05/01/2024 06:15:13 UTC
Last modified on: 05/29/2024 05:26:04 UTC