PT-2024-21507 · Linux+1 · Linux Kernel+1

Published: 2024-02-06 · Updated: 2026-03-13 · CVE-2024-26768

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.8.0-rc2+

Description

The issue is related to the LoongArch architecture in the Linux kernel. When the hardware platform has more than 64 CPUs, the system will crash due to an array overflow when parsing the MADT table. The array acpi_core_pic[NR_CPUS] can be overflowed, causing the system to crash. The patch changes the array to acpi_core_pic[MAX_CORE_PIC], where MAX_CORE_PIC is the maximum CPU number in the MADT table. This change allows the system to boot up 64 vcpus with the qemu parameter -smp 128 without crashing.

Recommendations

To resolve the issue, update the Linux kernel to a version that includes the patch, which is version 6.8.0-rc2+ or later.
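
The following C sketch is an added example, not kernel source: it models the MADT parsing step from the description with a table sized for physical cores (MAX_CORE_PIC) and an explicit range check, while bringing up at most NR_CPUS logical CPUs. The struct layout, the helper names and the sizes 64 and 256 are assumptions made for illustration, and the input table is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NR_CPUS      64   /* assumed: logical CPUs the kernel build supports */
#define MAX_CORE_PIC 256  /* assumed: most physical cores a MADT may list */

/* Hypothetical, reduced stand-in for a MADT core interrupt controller entry. */
struct core_pic { uint32_t core_id; uint32_t enabled; };

struct cpu_map {
    struct core_pic pic[MAX_CORE_PIC]; /* indexed by physical core id */
    unsigned recorded;                 /* entries stored from the table */
    unsigned booted;                   /* logical CPUs brought up */
    unsigned rejected;                 /* entries with an out-of-range id */
};

/* Store every entry by physical id; bring up at most NR_CPUS of them.
 * Sizing pic[] by NR_CPUS instead would let core_id 64..127 write past it. */
static void parse_madt(const struct core_pic *e, size_t n, struct cpu_map *m)
{
    memset(m, 0, sizeof(*m));
    for (size_t i = 0; i < n; i++) {
        if (e[i].core_id >= MAX_CORE_PIC) { /* never index past the array */
            m->rejected++;
            continue;
        }
        m->pic[e[i].core_id] = e[i];
        m->recorded++;
        if (e[i].enabled && m->booted < NR_CPUS)
            m->booted++;                    /* the remainder is not started */
    }
}

/* Constructed input: a table of `cores` enabled cores with ids 0..cores-1. */
static struct cpu_map run_sample(unsigned cores)
{
    static struct core_pic table[512];
    struct cpu_map m;
    if (cores > 512) cores = 512;
    for (unsigned i = 0; i < cores; i++)
        table[i] = (struct core_pic){ .core_id = i, .enabled = 1 };
    parse_madt(table, cores, &m);
    return m;
}

int main(void)
{
    struct cpu_map m = run_sample(128);     /* mirrors the -smp 128 case */
    printf("recorded=%u booted=%u rejected=%u\n", m.recorded, m.booted, m.rejected);
    return 0;
}
```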

Exploit

Fix

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-03587
CVE-2024-26768
ECHO-4354-C819-BC58

Affected Products

Debian
Linux Kernel