
CVE-2024-26768: Vulnerability in Linux Linux

Medium
Published: Wed Apr 03 2024 (04/03/2024, 17:00:50 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]

With default config, the value of NR_CPUS is 64. When HW platform has more than 64 cpus, system will crash on these platforms. MAX_CORE_PIC is the maximum cpu number in MADT table (max physical number) which can exceed the supported maximum cpu number (NR_CPUS, max logical number), but kernel should not crash. Kernel should boot cpus with NR_CPUS, let the remainder cpus stay in BIOS.

The potential crash reason is that the array acpi_core_pic[NR_CPUS] can be overflowed when parsing MADT table, and it is obvious that CORE_PIC should be corresponding to physical core rather than logical core, so it is better to define the array as acpi_core_pic[MAX_CORE_PIC].

With the patch, system can boot up 64 vcpus with qemu parameter -smp 128, otherwise system will crash with the following message.

[ 0.000000] CPU 0 Unable to handle kernel paging request at virtual address 0000420000004259, era == 90000000037a5f0c, ra == 90000000037a46ec
[ 0.000000] Oops[#1]:
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.8.0-rc2+ #192
[ 0.000000] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022
[ 0.000000] pc 90000000037a5f0c ra 90000000037a46ec tp 9000000003c90000 sp 9000000003c93d60
[ 0.000000] a0 0000000000000019 a1 9000000003d93bc0 a2 0000000000000000 a3 9000000003c93bd8
[ 0.000000] a4 9000000003c93a74 a5 9000000083c93a67 a6 9000000003c938f0 a7 0000000000000005
[ 0.000000] t0 0000420000004201 t1 0000000000000000 t2 0000000000000001 t3 0000000000000001
[ 0.000000] t4 0000000000000003 t5 0000000000000000 t6 0000000000000030 t7 0000000000000063
[ 0.000000] t8 0000000000000014 u0 ffffffffffffffff s9 0000000000000000 s0 9000000003caee98
[ 0.000000] s1 90000000041b0480 s2 9000000003c93da0 s3 9000000003c93d98 s4 9000000003c93d90
[ 0.000000] s5 9000000003caa000 s6 000000000a7fd000 s7 000000000f556b60 s8 000000000e0a4330
[ 0.000000] ra: 90000000037a46ec platform_init+0x214/0x250
[ 0.000000] ERA: 90000000037a5f0c efi_runtime_init+0x30/0x94
[ 0.000000] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
[ 0.000000] PRMD: 00000000 (PPLV0 -PIE -PWE)
[ 0.000000] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)
[ 0.000000] ECFG: 00070800 (LIE=11 VS=7)
[ 0.000000] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)
[ 0.000000] BADV: 0000420000004259
[ 0.000000] PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)
[ 0.000000] Modules linked in:
[ 0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))
[ 0.000000] Stack : 9000000003c93a14 9000000003800898 90000000041844f8 90000000037a46ec
[ 0.000000] 000000000a7fd000 0000000008290000 0000000000000000 0000000000000000
[ 0.000000] 0000000000000000 0000000000000000 00000000019d8000 000000000f556b60
[ 0.000000] 000000000a7fd000 000000000f556b08 9000000003ca7700 9000000003800000
[ 0.000000] 9000000003c93e50 9000000003800898 9000000003800108 90000000037a484c
[ 0.000000] 000000000e0a4330 000000000f556b60 000000000a7fd000 000000000f556b08
[ 0.000000] 9000000003ca7700 9000000004184000 0000000000200000 000000000e02b018
[ 0.000000] 000000000a7fd000 90000000037a0790 9000000003800108 0000000000000000
[ 0.000000] 0000000000000000 000000000e0a4330 000000000f556b60 000000000a7fd000
[ 0.000000] 000000000f556b08 000000000eaae298 000000000eaa5040 0000000000200000
[ 0.000000] ...
[ 0.000000] Call Trace:
[ 0.000000] [<90000000037a5f0c>] efi_runtime_init+0x30/0x94
[ 0.000000] [<90000000037a46ec>] platform_init+0x214/0x250
[ 0.000000] [<90000000037a484c>] setup_arch+0x124/0x45c
[ 0.000000] [<90000000037a0790>] start_kernel+0x90/0x670
[ 0.000000] [<900000000378b0d8>] kernel_entry+0xd8/0xdc

AI-Powered Analysis

Last updated: 06/29/2025, 18:26:11 UTC

Technical Analysis

CVE-2024-26768 is a vulnerability in the Linux kernel specifically affecting the LoongArch architecture. The issue arises from an incorrect sizing of the acpi_core_pic array, which is defined with a size based on NR_CPUS (default 64) rather than MAX_CORE_PIC, which represents the maximum physical CPU count as indicated by the ACPI MADT table. On hardware platforms with more than 64 CPUs, this mismatch can cause an overflow of the acpi_core_pic array when parsing the MADT table during system initialization. This overflow leads to a kernel crash, as the kernel attempts to access memory beyond the allocated array bounds. The crash manifests early in the boot process, with kernel paging faults and oops messages, preventing the system from booting properly on platforms with high CPU counts. The root cause is that NR_CPUS reflects the maximum logical CPU count, while MAX_CORE_PIC corresponds to the maximum physical CPU count, which can exceed NR_CPUS. The patch changes the array size to MAX_CORE_PIC, preventing overflow and allowing the kernel to boot systems with more than 64 CPUs, such as virtual machines configured with 128 vCPUs. The vulnerability is classified under CWE-120 (buffer overflow) and has a CVSS 3.1 score of 6.5 (medium severity), with an attack vector of local, requiring low privileges, no user interaction, and impacting availability by causing system crashes. No known exploits are currently reported in the wild. This issue is specific to the LoongArch architecture and affects Linux kernel versions prior to the patch.
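
The physical-versus-logical indexing mismatch described above, as a user-space model added here (it is not the kernel's code or the patch): the table is indexed by physical core id while logical CPUs are counted separately and capped at NR_CPUS. The struct layout, the ENABLED flag, the value 256 for MAX_CORE_PIC and the function names are assumptions, and out-of-range writes are counted rather than performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NR_CPUS      64   /* default max logical CPUs, per the CVE text */
#define MAX_CORE_PIC 256  /* assumed bound on physical core ids in the MADT */
#define ENABLED      1u   /* constructed "core is usable" flag */

/* Hypothetical, simplified stand-in for one MADT CORE_PIC entry. */
struct core_pic { uint32_t core_id; uint32_t flags; };

struct parse_result {
    int recorded;       /* entries stored at table[core_id] */
    int out_of_bounds;  /* entries whose core_id does not fit the table */
    int booted;         /* logical CPUs brought up, capped at NR_CPUS */
};

/* Index the table by physical core_id and count logical CPUs separately.
 * Writes that would land past the table are counted, not performed. */
static struct parse_result parse_madt(const struct core_pic *madt, size_t n,
                                      struct core_pic *table, size_t capacity)
{
    struct parse_result r = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        if (madt[i].core_id >= capacity) {  /* pre-patch: overflow here */
            r.out_of_bounds++;
            continue;
        }
        table[madt[i].core_id] = madt[i];
        r.recorded++;
        if ((madt[i].flags & ENABLED) && r.booted < NR_CPUS)
            r.booted++;                     /* the rest stay in the BIOS */
    }
    return r;
}

/* Constructed input: a MADT with `cores` enabled cores, ids 0..cores-1. */
static struct parse_result simulate(uint32_t cores, size_t capacity)
{
    struct core_pic madt[MAX_CORE_PIC], table[MAX_CORE_PIC] = {{0, 0}};
    if (cores > MAX_CORE_PIC) cores = MAX_CORE_PIC;
    for (uint32_t id = 0; id < cores; id++)
        madt[id] = (struct core_pic){ .core_id = id, .flags = ENABLED };
    return parse_madt(madt, cores, table, capacity);
}

int main(void)
{
    struct parse_result a = simulate(128, NR_CPUS), b = simulate(128, MAX_CORE_PIC);
    printf("NR_CPUS table: %d OOB; MAX_CORE_PIC table: %d OOB, %d booted\n",
           a.out_of_bounds, b.out_of_bounds, b.booted);
    return 0;
}
```

With 128 described cores, the NR_CPUS-sized table leaves 64 entries with nowhere to go, while the MAX_CORE_PIC-sized table records all 128 and still brings up only 64 logical CPUs.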

Potential Impact

For European organizations, the impact of this vulnerability is primarily on systems running Linux on LoongArch-based hardware platforms with more than 64 CPUs, including virtualized environments configured with high CPU counts. Organizations using such platforms may experience system instability and crashes during boot, leading to denial of service and potential operational disruptions. This could affect data centers, cloud providers, and enterprises deploying high-density virtual machines or physical servers with many cores. The inability to boot or maintain system availability can cause downtime, impacting business continuity and service delivery. Since the vulnerability does not affect confidentiality or integrity directly, the main concern is availability. LoongArch is less common than x86 or ARM, so the number of affected European organizations may be limited, but it could include specialized sectors or research institutions experimenting with or deploying Loongson processors. The vulnerability also highlights the importance of kernel updates and hardware compatibility testing in multi-core environments.

Mitigation Recommendations

To mitigate this vulnerability, organizations should:

1) Apply the official Linux kernel patch that changes the acpi_core_pic array size from NR_CPUS to MAX_CORE_PIC as soon as it is available in their distribution or kernel version.
2) For environments using virtual machines with high vCPU counts on QEMU or similar hypervisors, limit the number of vCPUs to 64 or fewer until the patch is applied to avoid triggering the overflow.
3) Conduct thorough testing of kernel updates in staging environments, especially when deploying on LoongArch hardware or high-core-count platforms, to ensure stability.
4) Monitor kernel boot logs for paging faults or oops messages indicative of this issue.
5) Collaborate with hardware and software vendors to ensure compatibility and timely updates.
6) Consider architectural alternatives if LoongArch platforms are critical but lack timely patch support.

These steps go beyond generic advice by focusing on architecture-specific configurations, kernel patching, and operational controls in virtualization settings.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-19T14:20:24.173Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe3b01

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 6:26:11 PM

Last updated: 7/29/2025, 6:26:03 PM
