CVE-2024-26598: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-26598 is a vulnerability discovered in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem, specifically affecting the ARM64 vGIC-ITS (Virtual Generic Interrupt Controller - Interrupt Translation Service) component. The vulnerability was disclosed on February 23, 2024, and involves a potential Use-After-Free (UAF) scenario in the LPI translation cache (NVD).

The vulnerability occurs when an LPI translation cache hit races with an operation that invalidates the cache, such as a DISCARD ITS command. The root cause is that the vgic_its_check_cache() function does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. The CVSS v3.1 base score for this vulnerability is 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially lead to a Use-After-Free condition in the Linux kernel's virtualization subsystem, which could result in system crashes, information disclosure, or potential privilege escalation in virtualized environments running on ARM64 architecture (Kernel Patch).

The vulnerability has been patched by adding code to raise the refcount on the returned vgic_irq and adding the corresponding decrement after queueing the interrupt. The fix has been implemented across multiple Linux kernel versions, including 5.4.269, 5.10.209, 5.15.148, and 6.1.75 (NVD, Debian Security).