CVE-2024-26784: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal

On unloading of the scmi_perf_domain module got the below splat, when in the DT provided to the system under test the '#power-domain-cells' property was missing.

Indeed, this particular setup causes the probe to bail out early without giving any error, which leads to the ->remove() callback gets to run too, but without all the expected initialized structures in place.

Add a check and bail out early on remove too.

Call trace:
 scmi_perf_domain_remove+0x28/0x70 [scmi_perf_domain]
 scmi_dev_remove+0x28/0x40 [scmi_core]
 device_remove+0x54/0x90
 device_release_driver_internal+0x1dc/0x240
 driver_detach+0x58/0xa8
 bus_remove_driver+0x78/0x108
 driver_unregister+0x38/0x70
 scmi_driver_unregister+0x28/0x180 [scmi_core]
 scmi_perf_domain_driver_exit+0x18/0xb78 [scmi_perf_domain]
 __arm64_sys_delete_module+0x1a8/0x2c0
 invoke_syscall+0x50/0x128
 el0_svc_common.constprop.0+0x48/0xf0
 do_el0_svc+0x24/0x38
 el0_svc+0x34/0xb8
 el0t_64_sync_handler+0x100/0x130
 el0t_64_sync+0x190/0x198
Code: a90153f3 f9403c14 f9414800 955f8a05 (b9400a80)
---[ end trace 0000000000000000 ]---
AI Analysis
Technical Summary
CVE-2024-26784 is a NULL pointer dereference in the Linux kernel's scmi_perf_domain module, part of the ARM power-domain (pmdomain) drivers. The issue arises when this module is unloaded on a system whose device tree (DT) lacks the '#power-domain-cells' property. With the property missing, the probe function exits early without returning an error, so the internal structures the driver normally sets up are never initialized. Because probe did not fail, the module's remove callback still runs on unload and operates on that missing data, resulting in a NULL pointer dereference and a kernel crash (splat). The kernel stack trace shows the fault in the scmi_perf_domain_remove function, reached through the device removal and driver unregistration routines. The root cause is a missing check in the remove callback to verify proper initialization before proceeding. The patch adds an early bail-out check to the remove function so that it no longer dereferences the NULL pointer. This vulnerability affects Linux kernel versions identified by the commit hash 2af23ceb8624a419eaf40295c11fcb86ec9ee303. There are no known exploits in the wild, and no CVSS score has been assigned yet. The vulnerability is primarily a stability and availability issue, potentially causing system crashes or reboots on affected ARM-based Linux systems when the scmi_perf_domain module is unloaded under specific device tree configurations.
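The probe/remove mismatch described above, reduced to a userspace model. This is an added example, not the kernel's code or the upstream patch; the struct and function names are illustrative assumptions.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model; all names here are illustrative, not kernel symbols. */
struct pd_data { int num_domains; };
struct model_dev {
    bool has_power_domain_cells; /* '#power-domain-cells' present in DT? */
    struct pd_data *drvdata;     /* set by probe(), read by remove() */
};

/* Probe bails out early but still returns success (0), so the driver
 * counts as bound and remove() will run although drvdata stays NULL. */
int model_probe(struct model_dev *dev, int num_domains)
{
    if (!dev->has_power_domain_cells)
        return 0;
    dev->drvdata = malloc(sizeof(*dev->drvdata));
    if (!dev->drvdata)
        return -1;
    dev->drvdata->num_domains = num_domains;
    return 0;
}

/* Before the fix: trusts that probe() populated drvdata. */
int model_remove_unpatched(struct model_dev *dev)
{
    int released = dev->drvdata->num_domains; /* NULL deref if probe bailed */
    free(dev->drvdata);
    dev->drvdata = NULL;
    return released;
}

/* After the fix: check and bail out early on remove too. */
int model_remove_patched(struct model_dev *dev)
{
    if (!dev->drvdata)
        return 0; /* nothing was set up, nothing to tear down */
    return model_remove_unpatched(dev);
}

int main(void)
{
    struct model_dev no_cells = { false, NULL }, ok = { true, NULL };
    model_probe(&no_cells, 4);
    model_probe(&ok, 4);
    /* model_remove_unpatched(&no_cells) would fault at this point. */
    return (model_remove_patched(&no_cells) == 0 &&
            model_remove_patched(&ok) == 4) ? 0 : 1;
}
```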
Potential Impact
For European organizations, the impact of CVE-2024-26784 depends largely on their use of ARM-based Linux systems that utilize the scmi_perf_domain module. This includes embedded systems, IoT devices, and potentially ARM servers or edge computing devices running Linux kernels with the affected versions. The vulnerability can lead to kernel panics and system crashes, resulting in denial of service (DoS). In critical infrastructure, industrial control systems, or telecommunications equipment relying on ARM Linux platforms, such instability could disrupt operations, cause downtime, and impact service availability. Although there is no indication of remote code execution or privilege escalation, the forced reboots or crashes could be exploited by attackers to cause persistent denial of service or to disrupt maintenance windows. European organizations with ARM-based Linux deployments in sectors such as manufacturing, automotive, telecommunications, and cloud edge services should be particularly vigilant. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to maintain system reliability and prevent potential exploitation in targeted attacks.
Mitigation Recommendations
To mitigate CVE-2024-26784, organizations should:
1) Apply the official Linux kernel patches that add the necessary checks in the scmi_perf_domain remove callback to prevent NULL dereference. Monitor Linux kernel mailing lists and vendor advisories for updated kernel releases containing this fix.
2) Audit device tree configurations for ARM-based systems to ensure the '#power-domain-cells' property is correctly defined, preventing the probe from exiting prematurely.
3) For systems where patching is not immediately feasible, avoid unloading the scmi_perf_domain module dynamically or during runtime to prevent triggering the vulnerability.
4) Implement robust monitoring and alerting for kernel panics or unexpected reboots on ARM Linux devices to detect potential exploitation or instability early.
5) Engage with hardware and Linux distribution vendors to confirm that their ARM Linux kernel builds incorporate the fix.
6) Test updated kernels in staging environments to verify stability before deployment.
These steps go beyond generic advice by focusing on device tree validation, module management practices, and proactive monitoring tailored to this specific vulnerability.
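For the monitoring step, a crash can be attributed to this bug by checking that the faulting (first) frame of a call trace is scmi_perf_domain_remove, as in the trace from the description. The following is an added example, not part of the advisory; the timestamps and the example_helper frame in the sample log are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the first trace reuses frames from the description,
 * the second is made up and only passes through the function. */
static const char SAMPLE_LOG[] =
    "[  812.004213] Call trace:\n"
    "[  812.004220]  scmi_perf_domain_remove+0x28/0x70 [scmi_perf_domain]\n"
    "[  812.004231]  scmi_dev_remove+0x28/0x40 [scmi_core]\n"
    "[  812.004240] Code: a90153f3 f9403c14 f9414800 955f8a05 (b9400a80)\n"
    "Call trace:\n"
    " example_helper+0x10/0x40\n"
    " scmi_perf_domain_remove+0x2c/0x70 [scmi_perf_domain]\n";

/* Count call traces whose first frame is scmi_perf_domain_remove. */
int count_scmi_remove_traces(const char *log)
{
    int expect_top = 0, hits = 0;

    while (*log) {
        size_t len = strcspn(log, "\n");
        char line[256], func[128];
        const char *p = line;
        int n = 0;

        snprintf(line, sizeof(line), "%.*s", (int)len, log);
        log += len;
        if (*log == '\n')
            log++;

        /* Skip a dmesg timestamp such as "[  812.004213]" if present. */
        if (*p == '[' && strchr(p, ']'))
            p = strchr(p, ']') + 1;

        if (strstr(p, "Call trace:")) {
            expect_top = 1;
        } else if (expect_top &&
                   sscanf(p, " %127[^+ ]+0x%*x/0x%*x%n", func, &n) == 1 && n > 0) {
            /* First "func+0xoff/0xsize" line after the header is the fault site. */
            hits += strcmp(func, "scmi_perf_domain_remove") == 0;
            expect_top = 0;
        }
    }
    return hits;
}

int main(void)
{
    printf("matching traces: %d\n", count_scmi_remove_traces(SAMPLE_LOG));
    return 0;
}
```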
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.177Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ac4522896dcbe3b9a
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 6:40:45 PM
Last updated: 8/16/2025, 4:40:01 AM