CVE-2024-26877: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118 Modules linked in: cryptodev(O) CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : crypto_finalize_request+0xa0/0x118 lr : crypto_finalize_request+0x104/0x118 sp : ffffffc085353ce0 x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688 x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00 x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000 x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0 x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8 x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001 x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000 x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000 Call trace: crypto_finalize_request+0xa0/0x118 crypto_finalize_aead_request+0x18/0x30 zynqmp_handle_aes_req+0xcc/0x388 crypto_pump_work+0x168/0x2d8 kthread_worker_fn+0xfc/0x3a0 kthread+0x118/0x138 ret_from_fork+0x10/0x20 irq event stamp: 40 hardirqs last enabled at (39): [<ffffffc0812416f8>] _raw_spin_unlock_irqrestore+0x70/0xb0 hardirqs last disabled at (40): [<ffffffc08122d208>] el1_dbg+0x28/0x90 softirqs last enabled at (36): [<ffffffc080017dec>] kernel_neon_begin+0x8c/0xf0 softirqs last disabled at (34): [<ffffffc080017dc0>] kernel_neon_begin+0x60/0xf0 ---[ end trace 0000000000000000 ]---
AI Analysis
Technical Summary
CVE-2024-26877 is a vulnerability identified in the Linux kernel's cryptographic subsystem, specifically related to the Xilinx crypto engine implementation. The issue arises from improper handling of bottom halves (BH) during the invocation of the function crypto_finalize_request. The kernel code expects BH to be disabled when calling this function to prevent concurrency issues and race conditions. Failure to disable BH leads to a kernel warning and a call trace indicating a potential flaw in synchronization. The vulnerability is triggered when crypto_finalize_request is called without disabling BH, which can cause instability or unexpected behavior in cryptographic operations, particularly those involving the Xilinx ZynqMP platform. The kernel trace shows that the problem occurs in crypto_finalize_request, propagates through crypto_finalize_aead_request, and affects the zynqmp_handle_aes_req function, which handles AES requests on the ZynqMP hardware. This suggests the vulnerability is hardware-specific and tied to the cryptographic engine's request finalization process. The kernel warning and call trace indicate a potential for kernel crashes or denial of service due to improper locking or interrupt handling. Although no direct exploit is known in the wild, the flaw could be leveraged by an attacker with the ability to invoke cryptographic operations on affected systems to cause instability or denial of service. The affected versions appear to be specific Linux kernel commits or builds, likely including versions used in embedded or specialized hardware environments using the Xilinx ZynqMP platform. No CVSS score has been assigned yet, and no public exploit code is available. The vulnerability was published on April 17, 2024, and is considered resolved by ensuring BH is disabled when calling crypto_finalize_request.
Potential Impact
For European organizations, the impact of CVE-2024-26877 primarily concerns entities utilizing Linux-based embedded systems or specialized hardware platforms incorporating the Xilinx ZynqMP SoC, such as industrial control systems, telecommunications infrastructure, or IoT devices. The vulnerability could lead to kernel instability or denial of service on affected devices, potentially disrupting critical operations. This is particularly relevant for sectors like manufacturing, energy, and telecommunications, where embedded Linux systems are common. While the vulnerability does not directly expose confidential data or allow privilege escalation, the resulting denial of service could impact availability of critical services. Given the specialized nature of the affected hardware, the threat is less likely to affect general-purpose Linux servers or desktops but poses a risk to embedded device deployments. Organizations relying on such hardware for operational technology (OT) or network infrastructure should be aware of the risk of system crashes or service interruptions. The absence of known exploits reduces immediate risk, but the vulnerability's presence in kernel cryptographic functions means it could be targeted in the future by attackers aiming to disrupt services or cause system failures.
Mitigation Recommendations
Mitigation involves applying the official Linux kernel patches that ensure BH is disabled when calling crypto_finalize_request within the Xilinx crypto engine code path. Organizations should: 1) Identify all systems running Linux kernels with the affected Xilinx crypto engine implementation, particularly those using ZynqMP hardware. 2) Update to the latest stable Linux kernel versions or vendor-provided patches that address CVE-2024-26877. 3) For embedded devices where kernel updates are challenging, coordinate with hardware vendors for firmware or kernel patch releases. 4) Implement monitoring for kernel warnings or crashes related to crypto_finalize_request to detect potential exploitation attempts or instability. 5) Restrict access to systems running affected kernels to trusted users to minimize risk of malicious invocation of vulnerable code paths. 6) Conduct thorough testing of updated kernels in controlled environments before deployment to ensure stability. 7) Maintain an inventory of embedded Linux devices and their kernel versions to facilitate timely patch management. These steps go beyond generic advice by focusing on embedded Linux environments and the specific hardware context of the vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
CVE-2024-26877: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118 Modules linked in: cryptodev(O) CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : crypto_finalize_request+0xa0/0x118 lr : crypto_finalize_request+0x104/0x118 sp : ffffffc085353ce0 x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688 x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00 x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000 x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0 x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8 x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001 x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000 x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000 Call trace: crypto_finalize_request+0xa0/0x118 crypto_finalize_aead_request+0x18/0x30 zynqmp_handle_aes_req+0xcc/0x388 crypto_pump_work+0x168/0x2d8 kthread_worker_fn+0xfc/0x3a0 kthread+0x118/0x138 ret_from_fork+0x10/0x20 irq event stamp: 40 hardirqs last enabled at (39): [<ffffffc0812416f8>] _raw_spin_unlock_irqrestore+0x70/0xb0 hardirqs last disabled at (40): [<ffffffc08122d208>] el1_dbg+0x28/0x90 softirqs last enabled at (36): [<ffffffc080017dec>] kernel_neon_begin+0x8c/0xf0 softirqs last disabled at (34): [<ffffffc080017dc0>] kernel_neon_begin+0x60/0xf0 ---[ end trace 0000000000000000 ]---
AI-Powered Analysis
Technical Analysis
CVE-2024-26877 is a vulnerability identified in the Linux kernel's cryptographic subsystem, specifically related to the Xilinx crypto engine implementation. The issue arises from improper handling of bottom halves (BH) during the invocation of the function crypto_finalize_request. The kernel code expects BH to be disabled when calling this function to prevent concurrency issues and race conditions. Failure to disable BH leads to a kernel warning and a call trace indicating a potential flaw in synchronization. The vulnerability is triggered when crypto_finalize_request is called without disabling BH, which can cause instability or unexpected behavior in cryptographic operations, particularly those involving the Xilinx ZynqMP platform. The kernel trace shows that the problem occurs in crypto_finalize_request, propagates through crypto_finalize_aead_request, and affects the zynqmp_handle_aes_req function, which handles AES requests on the ZynqMP hardware. This suggests the vulnerability is hardware-specific and tied to the cryptographic engine's request finalization process. The kernel warning and call trace indicate a potential for kernel crashes or denial of service due to improper locking or interrupt handling. Although no direct exploit is known in the wild, the flaw could be leveraged by an attacker with the ability to invoke cryptographic operations on affected systems to cause instability or denial of service. The affected versions appear to be specific Linux kernel commits or builds, likely including versions used in embedded or specialized hardware environments using the Xilinx ZynqMP platform. No CVSS score has been assigned yet, and no public exploit code is available. The vulnerability was published on April 17, 2024, and is considered resolved by ensuring BH is disabled when calling crypto_finalize_request.
Potential Impact
For European organizations, the impact of CVE-2024-26877 primarily concerns entities utilizing Linux-based embedded systems or specialized hardware platforms incorporating the Xilinx ZynqMP SoC, such as industrial control systems, telecommunications infrastructure, or IoT devices. The vulnerability could lead to kernel instability or denial of service on affected devices, potentially disrupting critical operations. This is particularly relevant for sectors like manufacturing, energy, and telecommunications, where embedded Linux systems are common. While the vulnerability does not directly expose confidential data or allow privilege escalation, the resulting denial of service could impact availability of critical services. Given the specialized nature of the affected hardware, the threat is less likely to affect general-purpose Linux servers or desktops but poses a risk to embedded device deployments. Organizations relying on such hardware for operational technology (OT) or network infrastructure should be aware of the risk of system crashes or service interruptions. The absence of known exploits reduces immediate risk, but the vulnerability's presence in kernel cryptographic functions means it could be targeted in the future by attackers aiming to disrupt services or cause system failures.
Mitigation Recommendations
Mitigation involves applying the official Linux kernel patches that ensure BH is disabled when calling crypto_finalize_request within the Xilinx crypto engine code path. Organizations should: 1) Identify all systems running Linux kernels with the affected Xilinx crypto engine implementation, particularly those using ZynqMP hardware. 2) Update to the latest stable Linux kernel versions or vendor-provided patches that address CVE-2024-26877. 3) For embedded devices where kernel updates are challenging, coordinate with hardware vendors for firmware or kernel patch releases. 4) Implement monitoring for kernel warnings or crashes related to crypto_finalize_request to detect potential exploitation attempts or instability. 5) Restrict access to systems running affected kernels to trusted users to minimize risk of malicious invocation of vulnerable code paths. 6) Conduct thorough testing of updated kernels in controlled environments before deployment to ensure stability. 7) Maintain an inventory of embedded Linux devices and their kernel versions to facilitate timely patch management. These steps go beyond generic advice by focusing on embedded Linux environments and the specific hardware context of the vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.185Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982bc4522896dcbe3e30
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 7:42:29 PM
Last updated: 7/30/2025, 11:31:40 AM
Views: 11
Related Threats
CVE-2025-52621: CWE-346 Origin Validation Error in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52620: CWE-20 Improper Input Validation in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52619: CWE-209 Generation of Error Message Containing Sensitive Information in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52618: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in HCL Software BigFix SaaS Remediate
MediumCVE-2025-43201: An app may be able to unexpectedly leak a user's credentials in Apple Apple Music Classical for Android
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.