CVE-2024-26874: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip

It's possible that mtk_crtc->event is NULL in mtk_drm_crtc_finish_page_flip().

pending_needs_vblank value is set by mtk_crtc->event, but in mtk_drm_crtc_atomic_flush(), it is not guarded by the same lock in mtk_drm_finish_page_flip(), thus a race condition happens.

Consider the following case:

CPU1                                  CPU2
step 1:
mtk_drm_crtc_atomic_begin()
mtk_crtc->event is not null,
                                      step 1:
                                      mtk_drm_crtc_atomic_flush:
                                      mtk_drm_crtc_update_config(
                                          !!mtk_crtc->event)
step 2:
mtk_crtc_ddp_irq ->
mtk_drm_finish_page_flip:
lock
mtk_crtc->event set to null,
pending_needs_vblank set to false
unlock
                                      pending_needs_vblank set to true,

                                      step 2:
                                      mtk_crtc_ddp_irq ->
                                      mtk_drm_finish_page_flip called again,
                                      pending_needs_vblank is still true
                                      //null pointer

Instead of guarding the entire mtk_drm_crtc_atomic_flush(), it's more efficient to just check if mtk_crtc->event is null before use.
AI Analysis
Technical Summary
CVE-2024-26874 is a vulnerability in the MediaTek DRM (Direct Rendering Manager) driver of the Linux kernel. It is a race condition in the handling of the mtk_crtc->event pointer in mtk_drm_crtc_finish_page_flip(): access to mtk_crtc->event and the related pending_needs_vblank flag is not properly synchronized across concurrent CPU cores. In the described scenario, one CPU core sets mtk_crtc->event to NULL and resets pending_needs_vblank while another core concurrently reads these values without proper locking. When the second core then attempts to use mtk_crtc->event, the result is a null pointer dereference and a kernel crash.

The root cause is that mtk_drm_crtc_atomic_flush() sets pending_needs_vblank based on mtk_crtc->event without the locking protection used in mtk_drm_finish_page_flip(). The fix adds a null check for mtk_crtc->event before its use rather than locking the entire flush function, which is more efficient while still preventing the null pointer dereference.

The vulnerability affects Linux kernel versions containing the affected MediaTek DRM driver code, as identified by the commit hashes listed for the CVE. No known exploits are currently reported in the wild, but the vulnerability can cause denial of service through kernel crashes, affecting system stability and availability. It is particularly relevant for devices running Linux kernels with MediaTek DRM drivers, which are common in embedded systems, mobile devices, and some specialized hardware platforms. The vulnerability does not appear to allow privilege escalation or code execution; its effect is to crash the kernel through a null pointer dereference triggered by a race condition in the graphics subsystem.
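The interleaving described above, replayed in one fixed order as a user-space model, with the null check switched off and on. This is an added example, not the kernel driver's code and not part of the advisory: the struct, enum and function names are hypothetical stand-ins for the driver's, and it assumes pending_needs_vblank was already set by an earlier flush.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model. Field names follow the advisory; all else is hypothetical. */
struct vblank_event { int sent; };
struct crtc_model {
    struct vblank_event *event;      /* models mtk_crtc->event */
    bool pending_needs_vblank;
};

enum flip_result { FLIP_IDLE, FLIP_SENT, FLIP_SKIPPED_NULL, FLIP_NULL_DEREF };

/* Models the IRQ path (mtk_crtc_ddp_irq -> finish_page_flip) with the lock held. */
static enum flip_result finish_page_flip(struct crtc_model *c, bool patched)
{
    if (!c->pending_needs_vblank)
        return FLIP_IDLE;
    if (c->event == NULL) {
        if (!patched)
            return FLIP_NULL_DEREF;  /* the real driver would oops here */
        c->pending_needs_vblank = false;
        return FLIP_SKIPPED_NULL;    /* fix: check the pointer before use */
    }
    c->event->sent = 1;              /* deliver the vblank event */
    c->event = NULL;
    c->pending_needs_vblank = false;
    return FLIP_SENT;
}

/* Replays the advisory's CPU1/CPU2 interleaving in one fixed order. */
static enum flip_result replay_race(bool patched)
{
    struct vblank_event ev = { 0 };
    /* Assumption: an earlier flush already set the flag, so the first IRQ delivers. */
    struct crtc_model c = { .event = &ev, .pending_needs_vblank = true };
    bool sampled = (c.event != NULL);        /* CPU2 step 1: !!event read, no lock */
    if (finish_page_flip(&c, patched) != FLIP_SENT)  /* CPU1 step 2: IRQ */
        return FLIP_IDLE;
    c.pending_needs_vblank = sampled;        /* CPU2: stale sample written back */
    return finish_page_flip(&c, patched);    /* CPU2 step 2: flag set, event NULL */
}

int main(void)
{
    printf("unpatched: %d, patched: %d\n", replay_race(false), replay_race(true));
    return 0;
}
```

The model returns a status code where the unpatched driver would dereference NULL, so both variants can be compared without crashing the process.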
Potential Impact
For European organizations, the primary impact of CVE-2024-26874 is the potential for denial of service (DoS) conditions on Linux-based systems utilizing MediaTek DRM drivers. This can lead to unexpected system crashes, causing downtime and disruption of services, particularly in environments where Linux is used for critical infrastructure, embedded devices, or specialized hardware running MediaTek chipsets. Industries such as telecommunications, manufacturing, automotive, and IoT deployments in Europe that rely on Linux with MediaTek components could experience operational interruptions. Although the vulnerability does not directly compromise confidentiality or integrity, the availability impact can be significant, especially in real-time or high-availability systems. The race condition nature of the flaw means that crashes may be intermittent and difficult to predict, complicating troubleshooting and remediation. Additionally, systems that are part of larger distributed environments may propagate instability if affected nodes crash unexpectedly. Given the widespread use of Linux in European IT infrastructure and embedded systems, organizations should assess their exposure to MediaTek DRM drivers and plan for timely patching to maintain system reliability and service continuity.
Mitigation Recommendations
To mitigate CVE-2024-26874, European organizations should:
1) Identify all Linux systems running kernels with MediaTek DRM drivers, particularly those with the affected commit hashes or versions.
2) Apply the official Linux kernel patches that fix the null pointer dereference by adding proper null checks for mtk_crtc->event, as soon as they are available from trusted Linux kernel sources or distributions.
3) For systems where immediate patching is not feasible, consider implementing kernel crash monitoring and automated recovery mechanisms to minimize downtime caused by unexpected crashes.
4) Review and enhance system logging to detect symptoms of this race condition, such as kernel oops or null pointer dereference messages related to MediaTek DRM.
5) Engage with hardware and software vendors to confirm the presence of the fix in firmware or kernel updates, especially for embedded or specialized devices.
6) Conduct thorough testing of updated kernels in staging environments to ensure stability and compatibility before deployment.
7) Limit access to vulnerable systems to trusted users and networks to reduce the risk of triggering the race condition through malicious or accidental workload patterns.
8) Maintain up-to-date inventories of Linux kernel versions and MediaTek driver usage to facilitate rapid response to similar future vulnerabilities.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.185Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe3e24
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 7:41:56 PM
Last updated: 8/1/2025, 7:21:52 AM