LiveActive security incident?Get immediate response
CVE Record

CVE-2024-26706: parisc: Fix random data corruption from exception handler

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different register than the specified register %r29 (defined in ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another register, the fault handler will nevertheless store -EFAULT into %r29 and thus trash whatever this register is used for. Looking at the assembly I found that this happens sometimes in emulate_ldd(). To solve the issue, the easiest solution would be if it somehow is possible to tell the fault handler which register is used to hold the error code. Using %0 or %1 in the inline assembly is not posssible as it will show up as e.g. %r29 (with the "%r" prefix), which the GNU assembler can not convert to an integer. This patch takes another, better and more flexible approach: We extend the __ex_table (which is out of the execution path) by one 32-word. In this word we tell the compiler to insert the assembler instruction "or %r0,%r0,%reg", where %reg references the register which the compiler choosed for the error return code. In case of an access failure, the fault handler finds the __ex_table entry and can examine the opcode. The used register is encoded in the lowest 5 bits, and the fault handler can then store -EFAULT into this register. Since we extend the __ex_table to 3 words we can't use the BUILDTIME_TABLE_SORT config option any longer.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel defect specific to the PA-RISC/parisc architecture. Under some exception-handling paths, the kernel may write an error value into the wrong CPU register, causing random data corruption. Business urgency depends mainly on whether the organization still runs PA-RISC Linux systems.

Executive priority

Treat this as targeted technical debt unless PA-RISC Linux is present. If such systems support critical workloads, schedule kernel updates promptly because the impact is data integrity and stability, even without evidence of active exploitation.

Technical view

The parisc exception-table handling for userspace memory access assumed the error code register was %r29. Compiler register selection could differ, so the fault handler could corrupt another value. The fix extends __ex_table metadata so the handler can identify the compiler-selected error register.

Likely exposure

Exposure appears limited to Linux systems running the parisc architecture with affected kernel versions. Typical x86, x86_64, and ARM fleets are not indicated as affected by the provided sources. Confirm any legacy PA-RISC hardware, specialized appliances, or emulated parisc environments.

Exploitation context

The bundle does not cite active exploitation, and KEV is false. The source describes random data corruption during exception handling, not a published exploitation technique. No exploit prerequisites, public exploit, or attacker workflow are provided in the supplied evidence.

Researcher notes

The key exposure discriminator is architecture. The CVE data names Linux and parisc-specific exception handling, but does not provide CVSS, CWE, exploit status, or broad platform impact. Verify exact fixed status through kernel or distribution backports.

Mitigation direction

  • Identify any Linux systems using the parisc architecture.
  • Update affected parisc kernels to vendor-supported fixed releases.
  • Confirm the referenced stable kernel commits are included in deployed kernels.
  • If patching is delayed, check distributor guidance for supported mitigations.
  • Prioritize systems where data corruption would affect integrity or availability.

Validation and detection

  • Inventory kernel architecture and version across legacy Linux assets.
  • Compare deployed kernels with the affected and fixed versions in the CVE record.
  • Review vendor or distribution advisories for backported fixes.
  • Check kernel changelogs for the parisc exception-table fix.
  • Monitor affected systems for unexplained data corruption or instability.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-26706 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
5Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxd19f5e41b344a057bb2450024a807476f30978d2, d19f5e41b344a057bb2450024a807476f30978d2, d19f5e41b344a057bb2450024a807476f30978d2, d19f5e41b344a057bb2450024a807476f30978d2, 09b931fcb87c8aad178475a7db1d4bfc939f7faa, 37e6234297379e0db25e39c2ca99776fea70026c, 4.9.21, 4.10.9unaffected
LinuxLinux4.11, 0, 6.1.79, 6.6.18, 6.7.6, 6.8affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.