CVE-2024-26945: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

crypto: iaa - Fix nr_cpus < nr_iaa case

If nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which causes a divide-by-0 in rebalance_wq_table(). Make sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0 case, even though cpus_per_iaa is never used if nr_iaa == 0, for paranoia.
AI Analysis
Technical Summary
CVE-2024-26945 is a high-severity vulnerability found in the Linux kernel's crypto subsystem, specifically within the Intel Architecture Accelerator (IAA) driver. The flaw arises when the number of CPUs (nr_cpus) is less than the number of IAA units (nr_iaa). In this scenario, the calculation of cpus_per_iaa results in zero, leading to a divide-by-zero error in the rebalance_wq_table() function. This function is responsible for balancing work queues across CPUs and IAA units. The divide-by-zero can cause a kernel panic or system crash, resulting in a denial of service (DoS). The vulnerability is due to improper handling of edge cases in the workload balancing logic. The fix ensures that cpus_per_iaa is set to at least 1 when nr_cpus < nr_iaa or when nr_iaa is zero, preventing the divide-by-zero condition. The vulnerability has a CVSS 3.1 score of 8.4, indicating high severity, with an attack vector of local access, low attack complexity, no privileges required, no user interaction, and impacts confidentiality, integrity, and availability. No known exploits are currently reported in the wild. This vulnerability affects Linux kernel versions identified by the given commit hashes, implying it impacts systems running affected kernel versions that include the vulnerable code. The CWE classification is CWE-369 (Divide By Zero).
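The calculation described above, as an added example in user-space C (not the kernel driver's own code): it contrasts the truncating division with the clamped version and shows where a zero divisor would be used. The function names and the modulo-based assignment loop are assumptions made for illustration; only nr_cpus, nr_iaa, cpus_per_iaa and the clamp to 1 come from the advisory text.

```c
#include <stdio.h>

/* Model of the pre-fix calculation: integer division truncates to 0
 * whenever nr_cpus < nr_iaa. (Function names here are illustrative.) */
int cpus_per_iaa_unfixed(int nr_cpus, int nr_iaa)
{
    return nr_iaa ? nr_cpus / nr_iaa : 0;
}

/* Model of the fix: never let the divisor drop below 1, including the
 * nr_iaa == 0 case where it is not used at all. */
int cpus_per_iaa_fixed(int nr_cpus, int nr_iaa)
{
    int per = nr_iaa ? nr_cpus / nr_iaa : 1;
    return per ? per : 1;
}

/* Assumed, simplified rebalance pass: move to the next IAA unit every
 * cpus_per_iaa CPUs. Returns -1 instead of evaluating cpu % 0, which is
 * the point where kernel code would take a divide trap. */
int rebalance_model(int nr_cpus, int nr_iaa, int cpus_per_iaa, int *cpu_to_iaa)
{
    int iaa = -1;

    if (nr_iaa == 0)
        return 0;                      /* nothing to balance */
    if (cpus_per_iaa == 0)
        return -1;                     /* would be cpu % 0 */
    for (int cpu = 0; cpu < nr_cpus; cpu++) {
        if (cpu % cpus_per_iaa == 0 && iaa < nr_iaa - 1)
            iaa++;
        cpu_to_iaa[cpu] = iaa;
    }
    return nr_cpus;                    /* number of CPUs assigned */
}

int main(void)
{
    int map[8];
    int bad = cpus_per_iaa_unfixed(2, 4);   /* 2 CPUs, 4 IAA units */
    int good = cpus_per_iaa_fixed(2, 4);

    printf("unfixed divisor=%d -> %d\n", bad, rebalance_model(2, 4, bad, map));
    printf("fixed   divisor=%d -> %d\n", good, rebalance_model(2, 4, good, map));
    return 0;
}
```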
Potential Impact
For European organizations, this vulnerability poses a significant risk primarily to systems running Linux kernels with the vulnerable IAA driver, especially those with configurations where the number of CPUs is less than the number of IAA units. The impact includes potential denial of service through kernel crashes, which can disrupt critical services, leading to operational downtime. Since the vulnerability affects confidentiality, integrity, and availability, there is a risk that attackers with local access could exploit this flaw to cause system instability or crash, potentially interrupting business-critical applications. This is particularly concerning for sectors relying heavily on Linux-based infrastructure such as telecommunications, finance, cloud service providers, and government agencies. The local attack vector means that threat actors or malicious insiders with access to the affected systems could trigger the vulnerability without needing elevated privileges or user interaction, increasing the risk in multi-tenant environments or shared hosting. Although no exploits are currently known, the high CVSS score and ease of exploitation suggest that attackers could develop exploits quickly once the vulnerability is public knowledge. European organizations with Linux-based servers, embedded systems, or specialized hardware using the IAA driver should be vigilant to prevent service disruptions and potential data exposure.
Mitigation Recommendations
European organizations should immediately assess their Linux kernel versions to determine if they are running the affected versions containing the vulnerable IAA driver code. Applying the official Linux kernel patches that fix the divide-by-zero condition is the most effective mitigation. If patching is not immediately possible, organizations should consider the following specific mitigations:
1) Restrict local access to critical Linux systems to trusted personnel only, minimizing the risk of exploitation by unauthorized users.
2) Monitor system logs and kernel messages for signs of crashes or anomalies related to the IAA driver or rebalance_wq_table function.
3) In environments where the number of CPUs is less than the number of IAA units, consider adjusting hardware or kernel configurations to avoid this condition temporarily.
4) Employ kernel hardening techniques and runtime protections such as seccomp or SELinux policies to limit the ability of untrusted processes to interact with the vulnerable driver.
5) For cloud or virtualized environments, ensure hypervisor and container isolation is robust to prevent lateral movement by attackers with local access.
6) Maintain up-to-date backups and incident response plans to quickly recover from potential denial-of-service incidents caused by exploitation of this vulnerability.
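One way to apply mitigation 2 to collected kernel logs, as an added example that is not part of the original advisory: a small C scanner that counts oops reports where a divide trap is attributed to rebalance_wq_table(). It assumes the x86 trap line contains "divide error:" and that the faulting function appears on a following "RIP:" line; the sample log lines are constructed.

```c
#include <stdio.h>
#include <string.h>

#define WINDOW 8 /* assumed: the RIP line follows the trap line within 8 lines */

/* Count oops reports in which a "divide error:" trap line is followed,
 * within WINDOW lines, by a RIP line inside rebalance_wq_table(). */
int count_iaa_div_oops(const char *log)
{
    int hits = 0, budget = 0;
    char line[256];

    while (*log) {
        size_t len = strcspn(log, "\n");
        size_t n = len < sizeof(line) - 1 ? len : sizeof(line) - 1;
        memcpy(line, log, n);
        line[n] = '\0';
        log += len + (log[len] == '\n');

        if (strstr(line, "divide error:")) {
            budget = WINDOW;               /* new trap report: watch for RIP */
        } else if (budget > 0) {
            budget--;
            if (strstr(line, "RIP:")) {
                if (strstr(line, "rebalance_wq_table"))
                    hits++;
                budget = 0;                /* RIP seen: this report is decided */
            }
        }
    }
    return hits;
}

/* Constructed sample lines, not captured from a real system. */
static const char SAMPLE_LOG[] =
    "[   12.000001] divide error: 0000 [#1] PREEMPT SMP NOPTI\n"
    "[   12.000002] CPU: 0 PID: 100 Comm: constructed-task\n"
    "[   12.000003] RIP: 0010:rebalance_wq_table+0x0/0x0\n"
    "[   40.000001] divide error: 0000 [#2] PREEMPT SMP NOPTI\n"
    "[   40.000002] RIP: 0010:constructed_other_fn+0x0/0x0\n"
    "[   55.000001] general protection fault: 0000 [#3]\n"
    "[   55.000002] RIP: 0010:rebalance_wq_table+0x0/0x0\n";

int main(void)
{
    printf("matching oops reports: %d\n", count_iaa_div_oops(SAMPLE_LOG));
    return 0;
}
```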
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.197Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9829c4522896dcbe2ed8
Added to database: 5/21/2025, 9:08:57 AM
Last enriched: 7/3/2025, 1:24:51 AM
Last updated: 8/18/2025, 12:40:44 AM