CVE-2024-26974: crypto: qat - resolve race condition during AER recovery

Published May 1, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - resolve race condition during AER recovery

During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the resetdata structure's memory. If the device restart will take more than 10 seconds the function scheduling that restart will exit due to a timeout, and the resetdata structure will be freed. However, this data structure is used for completion notification after the restart is completed, which leads to a UAF bug.

This results in a KFENCE bug notice.

BUG: KFENCE: use-after-free read in adfdeviceresetworker+0x38/0xa0 [intelqat] Use-after-free read at 0x00000000bc56fddf (in kfence-#142): adfdeviceresetworker+0x38/0xa0 [intelqat] processonework+0x173/0x340

To resolve this race condition, the memory associated to the container of the workstruct is freed on the worker if the timeout expired, otherwise on the function that schedules the worker. The timeout detection can be done by checking if the caller is still waiting for completion or not by using completiondone() function.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - resolve race condition during AER recovery

The Linux kernel CVE team has assigned CVE-2024-26974 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050132-CVE-2024-26974-13eb@gregkh/T

Red Hat

Affected Software

23 affected componentsFixes available
redhat/kernel<4.19.312
4.19.312
redhat/kernel<5.4.274
5.4.274
redhat/kernel<5.10.215
5.10.215
redhat/kernel<5.15.154
5.15.154
redhat/kernel<6.1.84
6.1.84
redhat/kernel<6.6.24
6.6.24
redhat/kernel<6.7.12
6.7.12
redhat/kernel<6.8.3
6.8.3
redhat/kernel<6.9
6.9
Linux Linux kernel>=3.17<4.19.312
Linux Linux kernel>=4.20<5.4.274
Linux Linux kernel>=5.5<5.10.215
Linux Linux kernel>=5.11<5.15.154
Linux Linux kernel>=5.16<6.1.84
Linux Linux kernel>=6.2<6.6.24
Linux Linux kernel>=6.7<6.7.12
Linux Linux kernel>=6.8<6.8.3
Debian Debian Linux=10.0
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1

Remediation

Patch Available

https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be

Patch Available

https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7

Patch Available

https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f

Patch Available

https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c

Patch Available

https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc

Patch Available

https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81

Patch Available

https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828

Patch Available

https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71

Patch Available

https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7

Event History

May 1, 2024
CVE Published
via MITRE·05:20 AM
Data Sourced
via MITRE·05:20 AM
Description
Data Sourced
via NVD·06:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Data Sourced
via Red Hat·07:41 PM
DescriptionSeverityAffected Software
Jul 12, 2024
Data Sourced
via Launchpad·02:47 PM
Description
May 9, 2025
Data Sourced
via Ubuntu·12:19 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-26974?

CVE-2024-26974 has been identified as having a medium severity due to its potential impact on system stability during error recovery processes.

2

How do I fix CVE-2024-26974?

To fix CVE-2024-26974, update your Linux kernel to version 4.19.312, 5.4.274, 5.10.215, 5.15.154, 6.1.84, 6.6.24, 6.7.12, 6.8.3, or 6.9.

3

Which systems are affected by CVE-2024-26974?

CVE-2024-26974 affects various versions of the Linux kernel across distributions like Red Hat and Debian.

4

What causes CVE-2024-26974?

CVE-2024-26974 is caused by a race condition during the PCI AER system's error recovery process in the Linux kernel.

5

Is there a workaround for CVE-2024-26974?

There is no official workaround for CVE-2024-26974; the only resolution is to apply the recommended kernel upgrades.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203