CVE-2024-26690: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: protect updates of 64-bit statistics counters As explained by a comment in <linux/u64_stats_sync.h>, write side of struct u64_stats_sync must ensure mutual exclusion, or one seqcount update could be lost on 32-bit platforms, thus blocking readers forever. Such lockups have been observed in real world after stmmac_xmit() on one CPU raced with stmmac_napi_poll_tx() on another CPU. To fix the issue without introducing a new lock, split the statics into three parts: 1. fields updated only under the tx queue lock, 2. fields updated only during NAPI poll, 3. fields updated only from interrupt context, Updates to fields in the first two groups are already serialized through other locks. It is sufficient to split the existing struct u64_stats_sync so that each group has its own. Note that tx_set_ic_bit is updated from both contexts. Split this counter so that each context gets its own, and calculate their sum to get the total value in stmmac_get_ethtool_stats(). For the third group, multiple interrupts may be processed by different CPUs at the same time, but interrupts on the same CPU will not nest. Move fields from this group to a newly created per-cpu struct stmmac_pcpu_stats.
AI Analysis
Technical Summary
CVE-2024-26690 is a medium-severity vulnerability affecting the Linux kernel's network driver subsystem, specifically the stmmac Ethernet driver. The issue arises from improper synchronization when updating 64-bit statistics counters on 32-bit platforms. The Linux kernel uses a structure called u64_stats_sync to protect updates to 64-bit counters, which requires mutual exclusion to prevent lost updates and potential deadlocks. In this vulnerability, the write side of u64_stats_sync was not properly synchronized, leading to race conditions between concurrent CPU contexts—specifically between stmmac_xmit() on one CPU and stmmac_napi_poll_tx() on another. This race can cause one sequence count update to be lost, which in turn can block readers indefinitely, resulting in a lockup or hang of the network driver. The fix implemented avoids introducing new locks by splitting the statistics counters into three groups based on their update context: those updated under the transmit queue lock, those updated during NAPI polling, and those updated from interrupt context. Each group is protected separately, with per-CPU structures introduced for interrupt context counters to prevent concurrency issues. This architectural change ensures that updates are serialized correctly without deadlocks or lost updates, preserving system stability and network functionality. The vulnerability has a CVSS 3.1 score of 6.5, reflecting a network attack vector with low complexity, requiring privileges but no user interaction, and impacting integrity but not confidentiality or availability. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations, this vulnerability primarily threatens the integrity and reliability of network statistics on Linux systems using the affected stmmac Ethernet driver, which is common in embedded systems, industrial devices, and some server environments. While it does not directly lead to data breaches or denial of service, the resulting lockups can cause network interface stalls or degraded performance, impacting critical infrastructure, manufacturing systems, or telecommunications equipment relying on Linux-based networking stacks. Organizations with 32-bit Linux deployments or specialized hardware using stmmac drivers are at higher risk. The inability to accurately track network statistics can hinder monitoring and incident response efforts, potentially delaying detection of other network issues or attacks. Given the widespread use of Linux in European IT environments, especially in sectors like manufacturing, automotive, and telecommunications, this vulnerability could affect operational continuity if left unpatched. However, the requirement for local privileges to exploit and the absence of remote code execution limits the scope of impact to systems where an attacker already has some level of access.
Mitigation Recommendations
European organizations should prioritize patching Linux kernel versions to include the fix for CVE-2024-26690 as soon as updates are available from their Linux distribution vendors. Specifically, they should: 1) Identify all systems running Linux kernels with the vulnerable stmmac driver, focusing on embedded and industrial devices that may not receive automatic updates. 2) Apply kernel updates or backported patches that implement the splitting of u64_stats_sync counters and per-CPU statistics structures. 3) For systems where immediate patching is not feasible, consider isolating affected devices from critical network segments to limit potential impact. 4) Enhance monitoring of network interface statistics and system logs for signs of lockups or stalled network interfaces that could indicate exploitation attempts. 5) Review and restrict local user privileges to minimize the risk of an attacker gaining the necessary access to trigger the vulnerability. 6) Collaborate with hardware vendors to ensure firmware and driver updates incorporate the fix, especially for embedded Linux devices. These steps go beyond generic advice by focusing on the specific driver and kernel components involved, emphasizing patch management in embedded contexts, and operational monitoring tailored to the vulnerability's symptoms.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Finland, Belgium
CVE-2024-26690: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: protect updates of 64-bit statistics counters As explained by a comment in <linux/u64_stats_sync.h>, write side of struct u64_stats_sync must ensure mutual exclusion, or one seqcount update could be lost on 32-bit platforms, thus blocking readers forever. Such lockups have been observed in real world after stmmac_xmit() on one CPU raced with stmmac_napi_poll_tx() on another CPU. To fix the issue without introducing a new lock, split the statics into three parts: 1. fields updated only under the tx queue lock, 2. fields updated only during NAPI poll, 3. fields updated only from interrupt context, Updates to fields in the first two groups are already serialized through other locks. It is sufficient to split the existing struct u64_stats_sync so that each group has its own. Note that tx_set_ic_bit is updated from both contexts. Split this counter so that each context gets its own, and calculate their sum to get the total value in stmmac_get_ethtool_stats(). For the third group, multiple interrupts may be processed by different CPUs at the same time, but interrupts on the same CPU will not nest. Move fields from this group to a newly created per-cpu struct stmmac_pcpu_stats.
AI-Powered Analysis
Technical Analysis
CVE-2024-26690 is a medium-severity vulnerability affecting the Linux kernel's network driver subsystem, specifically the stmmac Ethernet driver. The issue arises from improper synchronization when updating 64-bit statistics counters on 32-bit platforms. The Linux kernel uses a structure called u64_stats_sync to protect updates to 64-bit counters, which requires mutual exclusion to prevent lost updates and potential deadlocks. In this vulnerability, the write side of u64_stats_sync was not properly synchronized, leading to race conditions between concurrent CPU contexts—specifically between stmmac_xmit() on one CPU and stmmac_napi_poll_tx() on another. This race can cause one sequence count update to be lost, which in turn can block readers indefinitely, resulting in a lockup or hang of the network driver. The fix implemented avoids introducing new locks by splitting the statistics counters into three groups based on their update context: those updated under the transmit queue lock, those updated during NAPI polling, and those updated from interrupt context. Each group is protected separately, with per-CPU structures introduced for interrupt context counters to prevent concurrency issues. This architectural change ensures that updates are serialized correctly without deadlocks or lost updates, preserving system stability and network functionality. The vulnerability has a CVSS 3.1 score of 6.5, reflecting a network attack vector with low complexity, requiring privileges but no user interaction, and impacting integrity but not confidentiality or availability. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations, this vulnerability primarily threatens the integrity and reliability of network statistics on Linux systems using the affected stmmac Ethernet driver, which is common in embedded systems, industrial devices, and some server environments. While it does not directly lead to data breaches or denial of service, the resulting lockups can cause network interface stalls or degraded performance, impacting critical infrastructure, manufacturing systems, or telecommunications equipment relying on Linux-based networking stacks. Organizations with 32-bit Linux deployments or specialized hardware using stmmac drivers are at higher risk. The inability to accurately track network statistics can hinder monitoring and incident response efforts, potentially delaying detection of other network issues or attacks. Given the widespread use of Linux in European IT environments, especially in sectors like manufacturing, automotive, and telecommunications, this vulnerability could affect operational continuity if left unpatched. However, the requirement for local privileges to exploit and the absence of remote code execution limits the scope of impact to systems where an attacker already has some level of access.
Mitigation Recommendations
European organizations should prioritize patching Linux kernel versions to include the fix for CVE-2024-26690 as soon as updates are available from their Linux distribution vendors. Specifically, they should: 1) Identify all systems running Linux kernels with the vulnerable stmmac driver, focusing on embedded and industrial devices that may not receive automatic updates. 2) Apply kernel updates or backported patches that implement the splitting of u64_stats_sync counters and per-CPU statistics structures. 3) For systems where immediate patching is not feasible, consider isolating affected devices from critical network segments to limit potential impact. 4) Enhance monitoring of network interface statistics and system logs for signs of lockups or stalled network interfaces that could indicate exploitation attempts. 5) Review and restrict local user privileges to minimize the risk of an attacker gaining the necessary access to trigger the vulnerability. 6) Collaborate with hardware vendors to ensure firmware and driver updates incorporate the fix, especially for embedded Linux devices. These steps go beyond generic advice by focusing on the specific driver and kernel components involved, emphasizing patch management in embedded contexts, and operational monitoring tailored to the vulnerability's symptoms.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.154Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d982ac4522896dcbe3836
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 5:25:32 PM
Last updated: 8/5/2025, 4:15:03 AM
Views: 12
Related Threats
CVE-2025-40920: CWE-340 Generation of Predictable Numbers or Identifiers in ETHER Catalyst::Authentication::Credential::HTTP
UnknownCarmaker’s Portal Vulnerability Could Have Allowed Hackers to Unlock Vehicles and Access Data
MediumCVE-2025-8285: CWE-862: Missing Authorization in Mattermost Mattermost Confluence Plugin
MediumCVE-2025-54525: CWE-1287: Improper Validation of Specified Type of Input in Mattermost Mattermost Confluence Plugin
HighCVE-2025-54478: CWE-306: Missing Authentication for Critical Function in Mattermost Mattermost Confluence Plugin
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.