What is CVE-2024-26788?

CVE-2024-26788 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-26788 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-26788?

CVE-2024-26788 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-26788?

No patch is currently available for CVE-2024-26788. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-26788 actively exploited?

CVE-2024-26788 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-26788

Medium

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before it is ready to and cause panic with the following trace: Call trace: fsl_qdma_queue_handler+0xf8/0x3e8 __handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78 handle_fasteoi_irq+0xc8/0x178 generic_handle_irq+0x24/0x38 __handle_domain_irq+0x90/0x100 gic_handle_irq+0x5c/0xb8 el1_irq+0xb8/0x180 _raw_spin_unlock_irqrestore+0x14/0x40 __setup_irq+0x4bc/0x798 request_threaded_irq+0xd8/0x190 devm_request_threaded_irq+0x74/0xe8 fsl_qdma_probe+0x4d4/0xca8 platform_drv_probe+0x50/0xa0 really_probe+0xe0/0x3f8 driver_probe_device+0x64/0x130 device_driver_attach+0x6c/0x78 __driver_attach+0xbc/0x158 bus_for_each_dev+0x5c/0x98 driver_attach+0x20/0x28 bus_add_driver+0x158/0x220 driver_register+0x60/0x110 __platform_driver_register+0x44/0x50 fsl_qdma_driver_init+0x18/0x20 do_one_initcall+0x48/0x258 kernel_init_freeable+0x1a4/0x23c kernel_init+0x10/0xf8 ret_from_fork+0x10/0x18

Package Linux Kernel

Published 2024-04-04

Last modified 2025-04-01

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-908

CVE-2024-26788 is classified as CWE-908

See CWE-908 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2024-26788 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Mailing List
Kernel patch commit
https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b
Patch
Kernel patch commit
https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99
Patch

7 patch commits total View all on NVD

Details

CVE ID CVE-2024-26788

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-04-04

Modified 2025-04-01

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-26788?

CVE-2024-26788 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-26788 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-26788?

CVE-2024-26788 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-26788?

No patch is currently available for CVE-2024-26788. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-26788 actively exploited?

No — CVE-2024-26788 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.