CVE-2024-26974
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's Intel QAT crypto driver during PCI AER error recovery. A race condition occurs when device restart takes over 10 seconds, causing premature freeing of memory structures still needed for completion notifications. This affects systems using Intel QuickAssist Technology hardware acceleration with vulnerable kernel versions.
💻 Affected Systems
- Linux kernel with Intel QAT driver (intel_qat)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation leading to full system compromise if an attacker can trigger the race condition repeatedly.
Likely Case
System instability, kernel crashes, or denial of service affecting QAT-dependent applications like crypto operations or compression workloads.
If Mitigated
Minimal impact if systems aren't using QAT hardware or have the patch applied; occasional crashes if the race condition triggers naturally.
🎯 Exploit Status
Exploitation requires local access and ability to trigger PCI error recovery events. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 0c2cf5142bfb634c0ef0a1a69cdf37950747d0be, 226fc408c5fcd23cc4186f05ea3a69a7a9aef2f7, 4ae5a97781ce7d6ecc9c7055396535815b64ca4f, 7d42e097607c4d246d99225bf2b195b6167a210c, 8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc
Vendor Advisory: https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Rebuild kernel if compiling from source with included patches.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable Intel QAT driver
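Linux: Prevent loading of the vulnerable intel_qat kernel module
echo 'blacklist intel_qat' > /etc/modprobe.d/blacklist-qat.conf
# "blacklist" only stops alias-based autoloading; the install line also blocks intel_qat when it is pulled in as a dependency of a device-specific QAT module
echo 'install intel_qat /bin/false' >> /etc/modprobe.d/blacklist-qat.conf
# rmmod fails while a device-specific QAT module still uses intel_qat; unload that module first
rmmod intel_qat
update-initramfs -u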
Disable PCI AER
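Linux: Turn off PCI Advanced Error Reporting to prevent the trigger condition
# The aer_dev_correctable, aer_dev_fatal and aer_dev_nonfatal sysfs files are read-only error counters; writing 0 to them does not disable AER.
# Disable AER with the pci=noaer kernel boot parameter: append pci=noaer to GRUB_CMDLINE_LINUX in /etc/default/grub, then (Debian/Ubuntu; use your distribution's equivalent):
update-grub
reboot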
🧯 If You Can't Patch
- Monitor systems for kernel crashes or KFENCE warnings related to intel_qat
- Implement strict access controls to prevent unauthorized local access to affected systems
🔍 How to Verify
Check if Vulnerable:
Check if intel_qat module is loaded: lsmod | grep intel_qat. If loaded and kernel version is unpatched, system is vulnerable.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits or check with distribution's security advisory. Confirm intel_qat module loads without issues.
📡 Detection & Monitoring
Log Indicators:
- KFENCE use-after-free warnings in kernel logs
- Kernel oops or panic messages mentioning adf_device_reset_worker
- System crashes during PCI error recovery events
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("KFENCE" OR "use-after-free" OR "adf_device_reset_worker" OR "intel_qat")
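The OR query above also matches routine intel_qat messages. As an added example (not part of the original advisory), the shell function below reads kernel log text and reports only error reports (BUG, Oops, panic) that contain a QAT symbol; the WINDOW size and the sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag kernel error reports that implicate the QAT driver.
# Input: kernel log text on stdin, e.g. from `journalctl -k -o cat` or `dmesg`.
# WINDOW (assumption): number of lines after a report header that are
# treated as part of the same report.
qat_report_hits() {
    awk -v window="${WINDOW:-30}" '
        # A new report starts at a BUG (KFENCE, KASAN, ...), Oops or panic header.
        /BUG: |Oops: |Kernel panic/ {
            header = $0; left = window; hit = 0
        }
        left > 0 {
            left--
            # Print each report header once, when a QAT symbol appears in it.
            if (!hit && /adf_device_reset_worker|\[intel_qat\]/) {
                hit = 1
                print header
            }
        }
    '
}

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
[   12.000000] intel_qat: constructed informational line, not an error
[  822.400000] BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat]
[  822.400010] Use-after-free read at 0x0000000000000000 (in kfence-#1):
[  822.400020]  adf_device_reset_worker+0x38/0xa0 [intel_qat]
[  822.400030]  process_one_work+0x173/0x340
[  900.000000] BUG: KFENCE: use-after-free read in some_other_driver_fn+0x10/0x40
[  900.000010]  some_other_driver_fn+0x10/0x40
EOF
}

# Stand-alone run: prints the one report header that involves the QAT driver.
sample_log | qat_report_hits
```

On a live system, feed it the kernel log instead of the sample, for example `journalctl -k -o cat | qat_report_hits`.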
🔗 References
- https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be
- https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7
- https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f
- https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c
- https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc
- https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81
- https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828
- https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71
- https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html