CVE-2024-26790 is a vulnerability identified in the Linux kernel related to the dmaengine subsystem, specifically the fsl-qdma driver used for managing DMA (Direct Memory Access) operations on certain SoCs (System on Chips), notably the NXP LS1028A chip. The vulnerability arises from the handling of 16-byte unaligned read transactions initiated by the QDMA engine. Due to a hardware erratum in the LS1028A SoC, these unaligned read transactions can stall within the Network On-Chip (NOC), causing a deadlock condition. This stall leads to completion timeouts in the PCIe controller, effectively causing the SoC to hang or become unresponsive. The root cause is that the QDMA engine's unaligned read requests are not properly handled by the chip's internal interconnect, resulting in a deadlock that impacts system stability and availability. The recommended workaround is to enable prefetching by setting the source descriptor prefetchable bit (SD[PF] = 1) in the DMA descriptor, which mitigates the issue by avoiding the problematic unaligned read transactions. This vulnerability is specific to hardware platforms using the affected SoC and the Linux kernel versions incorporating the vulnerable fsl-qdma driver code. No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned yet. The vulnerability primarily affects systems relying on the LS1028A SoC running Linux with the affected DMA engine driver, potentially impacting embedded systems, networking equipment, or industrial devices using this hardware and software combination.

For European organizations, the impact of CVE-2024-26790 depends largely on the deployment of hardware platforms using the LS1028A SoC or similar affected chips running Linux with the vulnerable dmaengine driver. Organizations operating embedded systems, industrial control systems, telecommunications infrastructure, or specialized networking equipment based on these SoCs could experience system hangs or outages due to the deadlock condition triggered by unaligned DMA read transactions. This can lead to reduced availability of critical systems, potential operational disruptions, and increased maintenance overhead. Since the issue causes the SoC to hang, it primarily affects system availability rather than confidentiality or integrity. However, availability disruptions in critical infrastructure or industrial environments can have cascading effects on business continuity and safety. The lack of known exploits reduces immediate risk, but the hardware-specific nature means that affected organizations must be vigilant in applying the workaround or patches to avoid unexpected downtime. European organizations in sectors such as manufacturing, telecommunications, and embedded device manufacturing are most likely to be impacted if they use the affected hardware and Linux kernel versions.

To mitigate CVE-2024-26790, organizations should: 1) Identify and inventory systems using the LS1028A SoC or other affected hardware platforms running Linux with the fsl-qdma driver. 2) Apply the Linux kernel patches that address this vulnerability as soon as they become available from the Linux kernel maintainers or vendor distributions. 3) Implement the recommended workaround immediately by enabling the source descriptor prefetchable bit (SD[PF] = 1) in the DMA engine configuration to avoid unaligned 16-byte read transactions that cause the deadlock. 4) Test the workaround and patches in controlled environments to ensure system stability before wide deployment. 5) Monitor system logs and PCIe controller status for signs of stalls or timeouts that could indicate the vulnerability is being triggered. 6) Coordinate with hardware vendors and Linux distribution maintainers to receive timely updates and guidance. 7) For critical systems, consider additional redundancy or failover mechanisms to minimize downtime in case of system hangs. These steps go beyond generic advice by focusing on hardware-specific configuration and proactive patch management tailored to the affected SoC and Linux kernel driver.