CVE-2024-26974: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - resolve race condition during AER recovery

During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If the device restart takes more than 10 seconds, the function scheduling that restart will exit due to a timeout, and the reset_data structure will be freed. However, this data structure is used for completion notification after the restart is completed, which leads to a UAF bug. This results in a KFENCE bug notice:

BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat]
Use-after-free read at 0x00000000bc56fddf (in kfence-#142):
adf_device_reset_worker+0x38/0xa0 [intel_qat]
process_one_work+0x173/0x340

To resolve this race condition, the memory associated with the container of the work_struct is freed on the worker if the timeout expired, otherwise on the function that schedules the worker. The timeout detection can be done by checking whether the caller is still waiting for completion by using the completion_done() function.
AI Analysis
Technical Summary
CVE-2024-26974 is a race condition in the Linux kernel's Intel QuickAssist Technology (QAT) driver (intel_qat), in the code that recovers a device after a PCI Advanced Error Reporting (AER) event. When AER reports an error on a QAT device, the driver schedules a device restart on a kernel workqueue. The work item is embedded in a heap-allocated reset_data structure that also holds the completion object through which the worker tells the caller that the restart has finished. In synchronous mode the scheduling function waits on that completion for at most 10 seconds. Before the fix, a timed-out wait caused the scheduling function to free reset_data and return while the restart worker was still running; when the worker eventually finished it signalled completion through the already-freed structure, which is the use-after-free read that KFENCE reported in adf_device_reset_worker. The root cause is that two parties, the timed-out waiter and the still-running worker, could each assume they owned the structure. The fix makes ownership explicit: the worker frees the container if the caller has already stopped waiting (detected with completion_done()), and otherwise the scheduling function frees it once the completion arrives, so exactly one side frees and neither touches the structure after the other has released it. Two caveats matter in practice. KFENCE is a sampling detector that exists only on kernels built with CONFIG_KFENCE, so the absence of such a report does not mean the race never fired; and the race requires a genuine AER recovery whose device restart exceeds 10 seconds, so it surfaces during hardware fault handling rather than under normal load. The CVE record as reproduced here lists no version ranges, so the exact affected and fixed kernel versions, including stable backports, should be taken from the distribution advisory. No exploits are known in the wild and no CVSS score had been assigned at the time of writing.
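The ownership handoff the fix describes, modelled in user space as an added example (this is not the kernel driver's code). The kernel completion is replaced by a pthread condition variable, and instead of the completion_done() check the commit relies on, each side holds a reference and the last one to release it frees the structure; that is a swapped-in technique, chosen because it makes the "exactly one side frees" property explicit. reset_data_t, run_reset(), reset_worker() and reset_frees() are invented names, and the device restart is simulated with a sleep.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>
#include <time.h>

/* Added illustration, not kernel code. Scheduler and worker each hold one
 * reference on reset_data; whoever drops the last one frees it, so a worker
 * that finishes after the scheduler timed out still signals through valid
 * memory. All names here are invented for the example. */
typedef struct {
    pthread_mutex_t lock;
    pthread_cond_t  cond;
    bool            done;       /* set by the worker when the "restart" ends */
    atomic_int      refs;       /* two owners: scheduler and worker          */
    int             restart_ms; /* simulated duration of the device restart  */
} reset_data_t;

static atomic_int g_frees;      /* frees so far: proves "exactly once" */
int reset_frees(void) { return atomic_load(&g_frees); }

void sleep_ms(int ms)
{
    struct timespec ts = { ms / 1000, (long)(ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
}

/* Drop one owner's reference; the last owner out tears the object down. */
static void reset_data_put(reset_data_t *rd)
{
    if (atomic_fetch_sub(&rd->refs, 1) == 1) {
        pthread_mutex_destroy(&rd->lock);
        pthread_cond_destroy(&rd->cond);
        free(rd);
        atomic_fetch_add(&g_frees, 1);
    }
}

/* Worker side: perform the (simulated) restart, then signal completion. */
static void *reset_worker(void *arg)
{
    reset_data_t *rd = arg;
    sleep_ms(rd->restart_ms);          /* stand-in for the device restart     */
    pthread_mutex_lock(&rd->lock);     /* safe: the worker still holds a ref  */
    rd->done = true;
    pthread_cond_signal(&rd->cond);    /* stand-in for complete()             */
    pthread_mutex_unlock(&rd->lock);
    reset_data_put(rd);                /* frees only if the scheduler is gone */
    return NULL;
}

/* Scheduler side. Returns 0 if the worker finished within timeout_ms,
 * -ETIMEDOUT if the scheduler gave up first (the worker then owns cleanup),
 * or another negative errno on setup failure. */
int run_reset(int restart_ms, int timeout_ms)
{
    reset_data_t *rd = malloc(sizeof *rd);
    if (!rd)
        return -ENOMEM;
    pthread_mutex_init(&rd->lock, NULL);
    pthread_cond_init(&rd->cond, NULL);
    rd->done = false;
    rd->restart_ms = restart_ms;
    atomic_init(&rd->refs, 2);

    pthread_t tid;
    if (pthread_create(&tid, NULL, reset_worker, rd) != 0) {
        atomic_store(&rd->refs, 1);    /* no worker: scheduler is sole owner */
        reset_data_put(rd);
        return -EAGAIN;
    }
    /* Absolute deadline for the timed wait (the driver's 10 s, scaled down). */
    struct timespec deadline;
    clock_gettime(CLOCK_REALTIME, &deadline);
    deadline.tv_sec  += timeout_ms / 1000;
    deadline.tv_nsec += (long)(timeout_ms % 1000) * 1000000L;
    if (deadline.tv_nsec >= 1000000000L) {
        deadline.tv_sec++;
        deadline.tv_nsec -= 1000000000L;
    }
    int rc = 0;
    pthread_mutex_lock(&rd->lock);
    while (!rd->done && rc == 0)
        rc = pthread_cond_timedwait(&rd->cond, &rd->lock, &deadline);
    bool finished = rd->done;
    pthread_mutex_unlock(&rd->lock);

    if (finished)
        pthread_join(tid, NULL);       /* worker already signalled; reap it */
    else
        pthread_detach(tid);           /* late worker cleans up on its own  */

    /* The pre-fix ordering was an unconditional free here, leaving a
     * still-running worker to signal through freed memory. Dropping only
     * our own reference cannot free an object the worker still holds. */
    reset_data_put(rd);
    return finished ? 0 : -ETIMEDOUT;
}
```

run_reset(20, 1000) returns 0 and the structure is freed exactly once before the call returns; run_reset(250, 50) returns -ETIMEDOUT, and the detached worker frees the structure roughly 200 ms later without the scheduler ever touching it again. The equivalent of the pre-fix bug is an unconditional free after the timed-out wait, which the reference count makes impossible to express by accident.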
Potential Impact
For European organizations, exposure depends on whether they run Linux hosts with Intel QAT hardware, which is common where cryptographic or compression offload is needed: telecommunications, financial services, cloud providers and data centres using QAT-capable Xeon platforms or QAT add-in cards. The defect as reported is a use-after-free read inside a kernel worker, so its reliable consequence is a kernel crash, i.e. denial of service on a host that was already recovering from a PCI error. Turning it into privilege escalation or kernel code execution would require controlling what reoccupies the freed reset_data memory between the free and the worker's access; nothing of the kind is documented, so those outcomes should be treated as theoretical. Exploitation complexity is high rather than moderate: the sequence is only reachable when the PCI AER layer reports an error on the QAT device and the subsequent restart takes longer than 10 seconds, conditions that an unprivileged local user or a remote attacker does not normally control. In practice the bug is most likely to appear as an unexplained crash during genuine hardware fault recovery, which still matters for availability on critical infrastructure. The absence of known exploits reduces immediate risk but does not remove it. Organisations in telecommunications, finance and cloud services should confirm whether their fleet loads the intel_qat driver and prioritise patching accordingly.
Mitigation Recommendations
To mitigate CVE-2024-26974, European organizations should:
1) Apply the kernel update that carries the fix as soon as the distribution vendor or the upstream stable tree provides it.
2) Inventory affected hosts: look for the intel_qat module and its device-specific qat_* companions in the loaded module list (lsmod) or for QAT devices in lspci output, then compare the running kernel version (uname -r) against the fixed versions in the distribution advisory.
3) If patching cannot happen promptly, consider blacklisting the intel_qat driver and the device-specific qat_* driver modules so the driver's AER recovery path cannot be reached, accepting that software relying on QAT offload will fall back to CPU processing or fail to start.
4) Watch kernel logs for the KFENCE signature quoted in the description (use-after-free read in adf_device_reset_worker) and for PCI AER messages concerning the QAT device; the KFENCE line appears only on kernels built with CONFIG_KFENCE, so AER events and crash reports are the more general signal.
5) Treat unusual PCI error recovery events or kernel crashes on QAT hosts as incidents worth investigating, since the race fires during recovery rather than under normal load.
6) Coordinate with hardware and software vendors on the timing of kernel updates and any related firmware guidance.
7) For systems that cannot take downtime, use the distribution's kernel live patching offering where it covers this fix, so the change can be applied without a reboot.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.203Z
- CISA Enriched: true
- CVSS Version: null (no score assigned)
- State: PUBLISHED
Threat ID: 682d9829c4522896dcbe2fa1
Added to database: 5/21/2025, 9:08:57 AM
Last enriched: 6/29/2025, 1:54:32 PM
Last updated: 8/15/2025, 7:16:54 PM