CVE-2024-26787 is a vulnerability identified in the Linux kernel's MMC (MultiMediaCard) subsystem, specifically affecting the STM32 variant of the mmci (MultiMediaCard Interface) driver. The issue arises from improper handling of DMA (Direct Memory Access) mappings during error conditions in the mmci_cmd_irq function. When an error occurs, the function mmci_dma_error is invoked; however, in the STM32 variant, this function does not properly unmap DMA scatter-gather lists using dma_unmap_sg, leading to a leak of DMA mappings. This is highlighted when the CONFIG_DMA_API_DEBUG_SG kernel configuration option is enabled, which triggers warnings about overlapping DMA mappings and cacheline tracking conflicts. The root cause is an imbalance between dma_map_sg and dma_unmap_sg calls, which violates the expected DMA API usage. The vulnerability manifests as a resource leak within the kernel's DMA subsystem, potentially causing system instability or degraded performance due to unreleased DMA mappings. The affected hardware is the STMicroelectronics STM32MP257F-EV1 Evaluation Board, but the underlying issue may impact other STM32-based Linux systems using the affected mmci driver code. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability was published on April 4, 2024, and is resolved by correcting the DMA unmapping logic in the kernel source.

For European organizations, the impact of CVE-2024-26787 depends largely on the deployment of Linux systems running on STM32-based hardware or similar embedded platforms using the affected mmci driver. While the vulnerability does not directly enable code execution or privilege escalation, the leaking of DMA mappings can lead to kernel resource exhaustion, potentially causing system instability, crashes, or degraded performance. This can affect embedded devices, industrial control systems, or IoT devices that rely on STM32 Linux platforms, which are increasingly used in sectors such as manufacturing, automotive, telecommunications, and critical infrastructure. Disruptions in these systems could lead to operational downtime, impacting business continuity and safety-critical processes. Although no active exploitation is known, the vulnerability's presence in kernel code used in embedded devices means that organizations with such deployments should prioritize remediation to avoid latent risks. The issue is less likely to affect general-purpose Linux servers or desktops but is significant for embedded and specialized Linux environments prevalent in European industrial and technological sectors.

Mitigation requires updating the Linux kernel to a version where the DMA unmapping logic in the mmci STM32 driver has been corrected. Organizations should: 1) Identify all embedded Linux devices and systems using STM32 hardware or the affected mmci driver variant. 2) Apply vendor-supplied kernel patches or upgrade to the latest stable Linux kernel releases that include the fix for CVE-2024-26787. 3) Enable CONFIG_DMA_API_DEBUG_SG during testing phases to detect any DMA mapping imbalances proactively. 4) Implement monitoring for kernel warnings related to DMA mappings to detect potential leaks early. 5) For critical embedded systems, conduct thorough regression testing post-patch to ensure stability. 6) Coordinate with hardware vendors for firmware or driver updates if the affected devices are part of third-party products. 7) Maintain strict change management and incident response plans to quickly address any instability that may arise from this vulnerability or its remediation.