CVE-2024-26751: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-26751 is a vulnerability in the Linux kernel's ARM ep93xx GPIO lookup table implementation. The vulnerability was discovered in early 2024 and affects the Linux kernel's handling of GPIO descriptors. The issue occurs when a conid is passed to gpiofind() that does not exist in the lookup table, causing the function to continue looping incorrectly and eventually resulting in an oops condition (NVD).

The vulnerability stems from a missing terminator in the gpiodlookuptable structure in the ARM ep93xx driver. This implementation flaw causes the gpiofind() function to continue looping indefinitely when searching for a non-existent conid in the lookup table, eventually leading to a kernel oops. The issue was traced back to a previous commit that converted the I2C GPIO implementation to use descriptors (Kernel Commit).

When exploited, this vulnerability can cause a kernel oops condition in affected systems using the ARM ep93xx GPIO implementation, potentially leading to a denial of service situation (NVD).

The issue has been fixed by adding a terminator to the gpiodlookuptable structure. Various Linux distributions have released patches, including Ubuntu which has fixed the issue in versions 5.15.0-112.122 for 22.04 LTS and 5.4.0-186.206 for 20.04 LTS (Ubuntu). Debian has also addressed this in version 5.10.216-1 for bullseye and 6.1.123-1 for bookworm (Debian).