PT-2024-7730 · Linux+9 · Linux Kernel+9

Jakub Raczynski

·

Published

2024-02-19

·

Updated

2025-09-29

·

CVE-2024-26802

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The vulnerability is related to the stmmac component of the Linux kernel, which can cause a kernel/module panic when attempting to clear a workqueue that was not initialized. This scenario can occur when resuming a suspended driver, specifically in the stmmac resume() function, due to the lack of handling for failed stmmac hw setup(), which can fail if the DMA engine has not been initialized. The issue arises because the workqueue is initialized after the DMA engine and can be skipped, leading to a crash when the workqueue is destroyed during the reset process. To secure against this possible crash, the workqueue variable should be set to NULL when destroying the workqueue.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
ALSA-2025_16880
BDU:2024-09196
CESA-2024_5101
CESA-2024_5102
CVE-2024-26802
DSA-5658-1
INFSA-2024_5101
INFSA-2024_5102
OPENSUSE-SU-2024_2947-1
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024_5101
RHSA-2024_5102
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6892-1
USN-6895-1
USN-6895-2
USN-6895-3
USN-6895-4
USN-6900-1
USN-6919-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu