CVE-2024-26607: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x] [ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm] [ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper] [ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper] [ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm] [ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper] [ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper] [ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper] [ 53.326401] drm_client_register+0x5c/0xa0 [drm] [ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper] [ 53.336881] tidss_probe+0x128/0x264 [tidss] [ 53.341174] platform_probe+0x68/0xc4 [ 53.344841] really_probe+0x188/0x3c4 [ 53.348501] __driver_probe_device+0x7c/0x16c [ 53.352854] driver_probe_device+0x3c/0x10c [ 53.357033] __device_attach_driver+0xbc/0x158 [ 53.361472] bus_for_each_drv+0x88/0xe8 [ 53.365303] __device_attach+0xa0/0x1b4 [ 53.369135] device_initial_probe+0x14/0x20 [ 53.373314] bus_probe_device+0xb0/0xb4 [ 53.377145] deferred_probe_work_func+0xcc/0x124 [ 53.381757] process_one_work+0x1f0/0x518 [ 53.385770] worker_thread+0x1e8/0x3dc [ 53.389519] kthread+0x11c/0x120 [ 53.392750] ret_from_fork+0x10/0x20 The issue here is as follows: - tidss probes, but is deferred as sii902x is still missing. - sii902x starts probing and enters sii902x_init(). - sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from DRM's perspective. - sii902x calls sii902x_audio_codec_init() and platform_device_register_data() - The registration of the audio platform device causes probing of the deferred devices. - tidss probes, which eventually causes sii902x_bridge_get_edid() to be called. - sii902x_bridge_get_edid() tries to use the i2c to read the edid. However, the sii902x driver has not set up the i2c part yet, leading to the crash. Fix this by moving the drm_bridge_add() to the end of the sii902x_init(), which is also at the very end of sii902x_probe().
AI Analysis
Technical Summary
CVE-2024-26607 is a vulnerability in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically affecting the sii902x bridge driver used on certain Texas Instruments (TI) platforms. The issue arises from a race condition during the probing sequence of the sii902x bridge and the tidss device. During system initialization, the tidss device probe is deferred because the sii902x bridge is not fully initialized. However, the sii902x driver prematurely registers the DRM bridge before completing the setup of its I2C interface, which is essential for reading the Extended Display Identification Data (EDID) from connected displays. When the deferred tidss probe resumes, it triggers a call to sii902x_bridge_get_edid(), which attempts to access the I2C interface that has not yet been initialized, resulting in a null pointer dereference and kernel crash. This vulnerability leads to a denial of service (DoS) condition due to the kernel panic. The root cause is the incorrect ordering of initialization steps in the sii902x driver, where drm_bridge_add() is called too early. The fix involves moving drm_bridge_add() to the end of the sii902x_init() function, ensuring the I2C interface is fully set up before the bridge is registered and probed by dependent devices. This correction prevents the race condition and null pointer dereference. No known exploits are currently reported in the wild, and the vulnerability affects Linux kernel versions containing the sii902x driver on TI platforms. The issue is subtle and rare but can cause system instability or crashes during boot or device initialization phases.
Potential Impact
For European organizations, the impact of CVE-2024-26607 primarily manifests as potential system instability or denial of service on Linux-based systems using affected TI hardware platforms with the sii902x bridge. This could affect embedded systems, industrial control systems, or specialized computing devices relying on these platforms. Organizations in sectors such as manufacturing, telecommunications, automotive, and critical infrastructure that deploy Linux on TI hardware could experience unexpected reboots or downtime, potentially disrupting operations. While the vulnerability does not directly lead to privilege escalation or data compromise, the resulting kernel crashes could interrupt services, cause data loss in volatile memory, or trigger cascading failures in dependent systems. The rarity of the crash and the requirement for specific hardware limit the scope, but affected systems in production environments could face reliability issues. European entities with supply chains or products incorporating TI platforms should be aware of this risk, especially where high availability is critical. The vulnerability also underscores the importance of timely Linux kernel updates and hardware driver patches to maintain system stability.
Mitigation Recommendations
1. Apply the official Linux kernel patches that reorder the initialization sequence in the sii902x driver, ensuring drm_bridge_add() is called after the I2C interface setup completes. Monitor Linux kernel updates and backport fixes if necessary. 2. For organizations using custom or embedded Linux distributions, verify that the sii902x driver version includes this fix before deployment. 3. Conduct thorough testing of system boot and device initialization sequences on affected TI platforms to detect any instability or crashes. 4. Implement robust monitoring and alerting for kernel panics or unexpected reboots on devices using the affected hardware. 5. Where possible, isolate critical systems running on vulnerable hardware to minimize impact from potential crashes. 6. Engage with hardware vendors and Linux distribution maintainers to confirm patch availability and deployment timelines. 7. Consider fallback or redundant systems to maintain availability during patch rollout or in case of unexpected failures. 8. Document and review device driver dependencies and initialization order in embedded systems to prevent similar race conditions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
CVE-2024-26607: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x] [ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm] [ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper] [ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper] [ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm] [ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper] [ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper] [ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper] [ 53.326401] drm_client_register+0x5c/0xa0 [drm] [ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper] [ 53.336881] tidss_probe+0x128/0x264 [tidss] [ 53.341174] platform_probe+0x68/0xc4 [ 53.344841] really_probe+0x188/0x3c4 [ 53.348501] __driver_probe_device+0x7c/0x16c [ 53.352854] driver_probe_device+0x3c/0x10c [ 53.357033] __device_attach_driver+0xbc/0x158 [ 53.361472] bus_for_each_drv+0x88/0xe8 [ 53.365303] __device_attach+0xa0/0x1b4 [ 53.369135] device_initial_probe+0x14/0x20 [ 53.373314] bus_probe_device+0xb0/0xb4 [ 53.377145] deferred_probe_work_func+0xcc/0x124 [ 53.381757] process_one_work+0x1f0/0x518 [ 53.385770] worker_thread+0x1e8/0x3dc [ 53.389519] kthread+0x11c/0x120 [ 53.392750] ret_from_fork+0x10/0x20 The issue here is as follows: - tidss probes, but is deferred as sii902x is still missing. - sii902x starts probing and enters sii902x_init(). - sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from DRM's perspective. - sii902x calls sii902x_audio_codec_init() and platform_device_register_data() - The registration of the audio platform device causes probing of the deferred devices. - tidss probes, which eventually causes sii902x_bridge_get_edid() to be called. - sii902x_bridge_get_edid() tries to use the i2c to read the edid. However, the sii902x driver has not set up the i2c part yet, leading to the crash. Fix this by moving the drm_bridge_add() to the end of the sii902x_init(), which is also at the very end of sii902x_probe().
AI-Powered Analysis
Technical Analysis
CVE-2024-26607 is a vulnerability in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically affecting the sii902x bridge driver used on certain Texas Instruments (TI) platforms. The issue arises from a race condition during the probing sequence of the sii902x bridge and the tidss device. During system initialization, the tidss device probe is deferred because the sii902x bridge is not fully initialized. However, the sii902x driver prematurely registers the DRM bridge before completing the setup of its I2C interface, which is essential for reading the Extended Display Identification Data (EDID) from connected displays. When the deferred tidss probe resumes, it triggers a call to sii902x_bridge_get_edid(), which attempts to access the I2C interface that has not yet been initialized, resulting in a null pointer dereference and kernel crash. This vulnerability leads to a denial of service (DoS) condition due to the kernel panic. The root cause is the incorrect ordering of initialization steps in the sii902x driver, where drm_bridge_add() is called too early. The fix involves moving drm_bridge_add() to the end of the sii902x_init() function, ensuring the I2C interface is fully set up before the bridge is registered and probed by dependent devices. This correction prevents the race condition and null pointer dereference. No known exploits are currently reported in the wild, and the vulnerability affects Linux kernel versions containing the sii902x driver on TI platforms. The issue is subtle and rare but can cause system instability or crashes during boot or device initialization phases.
Potential Impact
For European organizations, the impact of CVE-2024-26607 primarily manifests as potential system instability or denial of service on Linux-based systems using affected TI hardware platforms with the sii902x bridge. This could affect embedded systems, industrial control systems, or specialized computing devices relying on these platforms. Organizations in sectors such as manufacturing, telecommunications, automotive, and critical infrastructure that deploy Linux on TI hardware could experience unexpected reboots or downtime, potentially disrupting operations. While the vulnerability does not directly lead to privilege escalation or data compromise, the resulting kernel crashes could interrupt services, cause data loss in volatile memory, or trigger cascading failures in dependent systems. The rarity of the crash and the requirement for specific hardware limit the scope, but affected systems in production environments could face reliability issues. European entities with supply chains or products incorporating TI platforms should be aware of this risk, especially where high availability is critical. The vulnerability also underscores the importance of timely Linux kernel updates and hardware driver patches to maintain system stability.
Mitigation Recommendations
1. Apply the official Linux kernel patches that reorder the initialization sequence in the sii902x driver, ensuring drm_bridge_add() is called after the I2C interface setup completes. Monitor Linux kernel updates and backport fixes if necessary. 2. For organizations using custom or embedded Linux distributions, verify that the sii902x driver version includes this fix before deployment. 3. Conduct thorough testing of system boot and device initialization sequences on affected TI platforms to detect any instability or crashes. 4. Implement robust monitoring and alerting for kernel panics or unexpected reboots on devices using the affected hardware. 5. Where possible, isolate critical systems running on vulnerable hardware to minimize impact from potential crashes. 6. Engage with hardware vendors and Linux distribution maintainers to confirm patch availability and deployment timelines. 7. Consider fallback or redundant systems to maintain availability during patch rollout or in case of unexpected failures. 8. Document and review device driver dependencies and initialization order in embedded systems to prevent similar race conditions.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.130Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982bc4522896dcbe4180
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 9:11:45 PM
Last updated: 8/7/2025, 10:23:45 PM
Views: 13
Related Threats
CVE-2025-9093: Improper Export of Android Application Components in BuzzFeed App
MediumCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.