CVE-2024-26842

7.8 HIGH

📋 TL;DR

This CVE describes an integer overflow (shift-out-of-bounds) in ufshcd_clear_cmd() in the Linux kernel's UFS (Universal Flash Storage) driver. When task_tag values exceed 31 in MCQ mode, a shift of a 32-bit value by task_tag bits goes out of bounds, which can crash the kernel. This affects systems using UFS storage with Linux kernel versions containing the vulnerable code.
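
The ordering problem described above, modelled in user-space C as an added example (not kernel source and not taken from the fix commits). The names clear_cmd_before_fix, clear_cmd_after_fix, struct clear_result and SHIFT_OOB are hypothetical, and the model assumes the mask is only needed outside MCQ mode, so the fixed ordering can return before any shift happens.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MASK_BITS 32u            /* width of the 32-bit mask */
#define SHIFT_OOB (-1)           /* model's stand-in for the sanitizer trap */

/* Hypothetical result type for this model; not a kernel structure. */
struct clear_result {
    int status;                  /* 0 on success, SHIFT_OOB if the shift is undefined */
    uint32_t mask;               /* bit mask used by the legacy (non-MCQ) path */
};

/* Pre-fix ordering: the mask is built on entry, before the mode is checked.
 * The model reports where the shift would be undefined instead of running it. */
static struct clear_result clear_cmd_before_fix(bool mcq, uint32_t task_tag)
{
    struct clear_result r = { 0, 0 };
    if (task_tag >= MASK_BITS) {         /* 1U << task_tag is undefined here */
        r.status = SHIFT_OOB;
        return r;
    }
    r.mask = 1U << task_tag;
    if (mcq)
        r.mask = 0;                      /* MCQ path never uses the mask */
    return r;
}

/* Assumed post-fix ordering: MCQ returns first, so the shift only runs on
 * the legacy path. The range check is an extra guard added for this model. */
static struct clear_result clear_cmd_after_fix(bool mcq, uint32_t task_tag)
{
    struct clear_result r = { 0, 0 };
    if (mcq)
        return r;                        /* tag may be >= 32, no shift done */
    if (task_tag >= MASK_BITS) {
        r.status = SHIFT_OOB;
        return r;
    }
    r.mask = 1U << task_tag;
    return r;
}

int main(void)
{
    printf("MCQ tag 40: before=%d after=%d\n",
           clear_cmd_before_fix(true, 40).status, clear_cmd_after_fix(true, 40).status);
    return 0;
}
```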

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions containing the vulnerable ufshcd_clear_cmd() function before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with UFS storage hardware and when MCQ (Multiple Command Queue) mode is enabled with task_tag values >= 32.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss if storage operations are interrupted.

🟠 Likely Case

System crash or kernel panic when UFS storage operations trigger the specific condition with task_tag >= 32 in MCQ mode.

🟢 If Mitigated

No impact if the vulnerable code path is not triggered or if systems don't use UFS storage in MCQ mode.

🌐 Internet-Facing: LOW - This is a local kernel driver vulnerability requiring access to storage operations.
🏢 Internal Only: MEDIUM - Could be triggered by legitimate storage operations or potentially by malicious local users with storage access privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific UFS storage operations with task_tag >= 32 in MCQ mode. This appears to be a reliability bug rather than a security vulnerability with arbitrary code execution potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 7ac9e18f5d66087cd22751c5c5bf0090eb0038fe, a992425d18e5f7c48931121993c6c69426f2a8fb, or b513d30d59bb383a6a5d6b533afcab2cee99a8f8

Vendor Advisory: https://git.kernel.org/stable/c/7ac9e18f5d66087cd22751c5c5bf0090eb0038fe

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable UFS MCQ mode

linux

Prevent the vulnerable code path by disabling Multiple Command Queue mode for UFS storage

echo 0 > /sys/class/ufs/ufs*/mcq_enable

🧯 If You Can't Patch

  • Monitor system logs for UFS-related crashes or BRK exceptions
  • Consider disabling UFS storage if not essential for system operation

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether UFS storage is present: lsblk -d | grep ufs && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel contains the fix commits: run uname -r, then check the kernel source or changelog for the specific commits

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning ufshcd_clear_cmd
  • BRK handler exceptions
  • UFS error messages in dmesg

Network Indicators:

  • None - this is a local storage driver issue

SIEM Query:

source="kernel" AND ("ufshcd_clear_cmd" OR "BRK handler" OR "UFS error")
