CVE-2024-26706: parisc: Fix random data corruption from exception handler
In the Linux kernel, the following vulnerability has been resolved:
parisc: Fix random data corruption from exception handler
The current exception handler implementation, which assists when accessing
user space memory, may exhibit random data corruption if the compiler decides
to use a different register than the specified register %r29 (defined in
ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another
register, the fault handler will nevertheless store -EFAULT into %r29 and thus
trash whatever this register is used for.
Looking at the assembly I found that this happens sometimes in emulate_ldd().
To solve the issue, the easiest solution would be if it somehow is
possible to tell the fault handler which register is used to hold the error
code. Using %0 or %1 in the inline assembly is not posssible as it will show
up as e.g. %r29 (with the "%r" prefix), which the GNU assembler can not
convert to an integer.
This patch takes another, better and more flexible approach:
We extend the __ex_table (which is out of the execution path) by one 32-word.
In this word we tell the compiler to insert the assembler instruction
"or %r0,%r0,%reg", where %reg references the register which the compiler
choosed for the error return code.
In case of an access failure, the fault handler finds the __ex_table entry and
can examine the opcode. The used register is encoded in the lowest 5 bits, and
the fault handler can then store -EFAULT into this register.
Since we extend the __ex_table to 3 words we can't use the BUILDTIME_TABLE_SORT
config option any longer.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel defect specific to the PA-RISC/parisc architecture. Under some exception-handling paths, the kernel may write an error value into the wrong CPU register, causing random data corruption. Business urgency depends mainly on whether the organization still runs PA-RISC Linux systems.
Executive priority
Treat this as targeted technical debt unless PA-RISC Linux is present. If such systems support critical workloads, schedule kernel updates promptly because the impact is data integrity and stability, even without evidence of active exploitation.
Technical view
The parisc exception-table handling for userspace memory access assumed the error code register was %r29. Compiler register selection could differ, so the fault handler could corrupt another value. The fix extends __ex_table metadata so the handler can identify the compiler-selected error register.
Likely exposure
Exposure appears limited to Linux systems running the parisc architecture with affected kernel versions. Typical x86, x86_64, and ARM fleets are not indicated as affected by the provided sources. Confirm any legacy PA-RISC hardware, specialized appliances, or emulated parisc environments.
Exploitation context
The bundle does not cite active exploitation, and KEV is false. The source describes random data corruption during exception handling, not a published exploitation technique. No exploit prerequisites, public exploit, or attacker workflow are provided in the supplied evidence.
Researcher notes
The key exposure discriminator is architecture. The CVE data names Linux and parisc-specific exception handling, but does not provide CVSS, CWE, exploit status, or broad platform impact. Verify exact fixed status through kernel or distribution backports.
Mitigation direction
Identify any Linux systems using the parisc architecture.
Update affected parisc kernels to vendor-supported fixed releases.
Confirm the referenced stable kernel commits are included in deployed kernels.
If patching is delayed, check distributor guidance for supported mitigations.
Prioritize systems where data corruption would affect integrity or availability.
Validation and detection
Inventory kernel architecture and version across legacy Linux assets.
Compare deployed kernels with the affected and fixed versions in the CVE record.
Review vendor or distribution advisories for backported fixes.
Check kernel changelogs for the parisc exception-table fix.
Monitor affected systems for unexplained data corruption or instability.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-26706 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.