CVE-2024-26802: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
stmmac: Clear variable when destroying workqueue
Currently when suspending driver and stopping workqueue it is checked whether workqueue is not NULL and if so, it is destroyed. Function destroy_workqueue() does drain queue and does clear variable, but it does not set workqueue variable to NULL. This can cause kernel/module panic if code attempts to clear workqueue that was not initialized.
This scenario is possible when resuming suspended driver in stmmac_resume(), because there is no handling for failed stmmac_hw_setup(), which can fail and return if DMA engine has failed to initialize, and workqueue is initialized after DMA engine. Should DMA engine fail to initialize, resume will proceed normally, but interface won't work and TX queue will eventually timeout, causing 'Reset adapter' error. This then does destroy workqueue during reset process. And since workqueue is initialized after DMA engine and can be skipped, it will cause kernel/module panic.
To secure against this possible crash, set workqueue variable to NULL when destroying workqueue.
Log/backtrace from crash goes as follows:
[88.031977]------------[ cut here ]------------
[88.031985]NETDEV WATCHDOG: eth0 (sxgmac): transmit queue 1 timed out
[88.032017]WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:477 dev_watchdog+0x390/0x398
<Skipping backtrace for watchdog timeout>
[88.032251]---[ end trace e70de432e4d5c2c0 ]---
[88.032282]sxgmac 16d88000.ethernet eth0: Reset adapter.
[88.036359]------------[ cut here ]------------
[88.036519]Call trace:
[88.036523] flush_workqueue+0x3e4/0x430
[88.036528] drain_workqueue+0xc4/0x160
[88.036533] destroy_workqueue+0x40/0x270
[88.036537] stmmac_fpe_stop_wq+0x4c/0x70
[88.036541] stmmac_release+0x278/0x280
[88.036546] __dev_close_many+0xcc/0x158
[88.036551] dev_close_many+0xbc/0x190
[88.036555] dev_close.part.0+0x70/0xc0
[88.036560] dev_close+0x24/0x30
[88.036564] stmmac_service_task+0x110/0x140
[88.036569] process_one_work+0x1d8/0x4a0
[88.036573] worker_thread+0x54/0x408
[88.036578] kthread+0x164/0x170
[88.036583] ret_from_fork+0x10/0x20
[88.036588]---[ end trace e70de432e4d5c2c1 ]---
[88.036597]Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004
AI Analysis
Technical Summary
CVE-2024-26802 is a vulnerability in the Linux kernel's stmmac Ethernet driver related to improper handling of workqueue destruction during driver suspend and resume operations. The issue arises because the destroy_workqueue() function drains the workqueue and clears its internal state but does not set the workqueue pointer variable to NULL. Consequently, if the driver attempts to destroy or access the workqueue again without reinitialization, a kernel NULL pointer dereference can occur, leading to a kernel panic or module crash.
This scenario is particularly triggered when the driver resumes from suspension and the DMA engine initialization (stmmac_hw_setup()) fails. Since the workqueue is initialized after the DMA engine, failure in DMA initialization causes the workqueue initialization to be skipped. However, the resume function proceeds normally, and subsequent operations that assume the workqueue is valid attempt to destroy it, causing a panic due to the stale pointer. The vulnerability manifests as a transmit queue timeout, adapter reset errors, and ultimately a kernel panic with a NULL pointer dereference at a low virtual address. The backtrace provided shows the crash occurring during workqueue destruction and device reset operations.
This vulnerability can cause system instability and denial of service on affected Linux systems using the stmmac driver, which is commonly used for Ethernet controllers in embedded and networking devices. The root cause is a missing NULL assignment after workqueue destruction, which is a programming logic flaw in the driver code. The fix involves explicitly setting the workqueue pointer to NULL after destroy_workqueue() is called to prevent invalid access on subsequent operations.
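The suspend, failed-resume and reset sequence described above can be reproduced in a small user-space model. This is an added example, not the stmmac driver's code: the model_* types, the stop_wq_* functions and run_sequence() are hypothetical stand-ins, and a counter takes the place of the kernel crash.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: these types stand in for the kernel workqueue. */
struct model_wq { bool live; };
struct model_priv { struct model_wq *wq; };
static struct model_wq pool;   /* static storage, so a stale pointer is safe to inspect */
static int invalid_destroys;   /* destroys of a dead queue (a crash in the kernel) */

static struct model_wq *model_create_workqueue(void) { pool.live = true; return &pool; }
static void model_destroy_workqueue(struct model_wq *wq)
{
    if (!wq->live) { invalid_destroys++; return; }
    wq->live = false;          /* the callee cannot reset the caller's pointer */
}

/* Before the fix: the pointer keeps its old value after destruction. */
static void stop_wq_unpatched(struct model_priv *p)
{
    if (p->wq)
        model_destroy_workqueue(p->wq);
}

/* After the fix: the pointer is cleared, so the NULL check works again. */
static void stop_wq_patched(struct model_priv *p)
{
    if (p->wq) {
        model_destroy_workqueue(p->wq);
        p->wq = NULL;
    }
}

/* open -> suspend -> resume (hardware setup may fail) -> reset and release */
static int run_sequence(void (*stop_wq)(struct model_priv *), bool hw_setup_ok)
{
    struct model_priv p = { .wq = model_create_workqueue() };
    invalid_destroys = 0;
    stop_wq(&p);                          /* suspend destroys the queue */
    if (hw_setup_ok)                      /* queue is re-created only after DMA init */
        p.wq = model_create_workqueue();
    stop_wq(&p);                          /* 'Reset adapter' path ends in release */
    return invalid_destroys;
}

int main(void)
{
    printf("unpatched, DMA init fails: %d\n", run_sequence(stop_wq_unpatched, false));
    printf("patched, DMA init fails: %d\n", run_sequence(stop_wq_patched, false));
    return 0;
}
```
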
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the affected stmmac Ethernet driver, especially embedded devices, industrial control systems, network appliances, and servers using this driver for network connectivity. The impact includes potential denial of service due to kernel panics and system crashes triggered by network interface resets. This can disrupt critical network communications, impacting business operations, industrial automation, and service availability. Organizations relying on Linux-based networking equipment or embedded Linux devices in their infrastructure may experience unexpected outages or degraded performance.
The vulnerability does not appear to allow remote code execution or privilege escalation directly but can be exploited locally or via crafted network conditions that trigger the driver resume and reset sequence. This could affect data center operations, telecommunications infrastructure, and IoT deployments prevalent in Europe. The lack of authentication or user interaction requirements means that any process or condition causing the DMA engine initialization failure and driver resume could trigger the crash, increasing the risk of accidental or malicious denial of service. Given the widespread use of Linux in European IT environments and embedded systems, the vulnerability could have broad operational impacts if unpatched.
Mitigation Recommendations
1. Apply the official Linux kernel patches that fix this issue by setting the workqueue pointer to NULL after destruction. Monitor Linux kernel updates and backport patches to affected kernel versions if necessary.
2. For organizations using embedded or specialized Linux distributions, coordinate with vendors to obtain patched kernel versions or apply vendor-provided updates promptly.
3. Implement robust monitoring of network interfaces for transmit queue timeouts and adapter reset errors to detect early signs of this issue.
4. Where possible, configure systems to avoid unnecessary suspend/resume cycles of network drivers or devices using the stmmac driver, reducing the likelihood of triggering the vulnerability.
5. Conduct thorough testing of network driver behavior after kernel updates to ensure stability and correct initialization sequences.
6. Consider network segmentation and limiting exposure of vulnerable devices to untrusted networks to reduce risk of exploitation.
7. Maintain comprehensive backup and recovery plans to mitigate impact of potential system crashes caused by this vulnerability.
8. Engage with hardware and software vendors to confirm whether their products are affected and request guidance or patches if needed.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.179Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe3c40
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 6:54:50 PM
Last updated: 8/12/2025, 12:37:20 AM