
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-53158 affects the Linux kernel's GENI-based QUP Wrapper driver, specifically in the geni_se_clk_tbl_get() function. The vulnerability was discovered on December 24, 2024, and involves an array underflow condition in the soc/qcom/geni-se component (NVD).
The vulnerability exists in a loop that is intended to break if the frequency returned from clk_round_rate() matches the previous iteration's frequency. However, the check is flawed during the first iteration of the loop, as it attempts to read before the start of the se->clk_perf_tbl[] array, resulting in an array underflow condition. This issue was introduced in the commit that added the GENI based QUP Wrapper driver (Kernel Commit).
The array underflow vulnerability in the Linux kernel's GENI-based QUP Wrapper driver could potentially lead to memory access violations when accessing the clock performance table. This affects systems using Qualcomm SoC implementations that utilize the GENI serial engine (Ubuntu Security).
The vulnerability has been patched in various Linux kernel versions. The fix adds a condition that checks that the loop index is greater than 0 before comparing frequencies. Ubuntu has released a fix in version 6.11.0-18.18 for 24.10 (oracular), and other distributions are in the process of releasing patches (Ubuntu Security).
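The loop and the fix described above, as an added userspace model (not the kernel's source and not part of the original page). `round_rate()`, the rate list, `struct model`, `tbl_read()` and `stray` are constructed stand-ins; the accessor counts the read at index -1 instead of performing it.

```c
#include <stdio.h>
#define MAX_CLK_PERF_LEVEL 32  /* constructed size for this model */
/* Constructed rate list; round_rate() stands in for clk_round_rate(). */
static const long rates[] = { 7372800, 14745600, 19200000, 29491200 };
#define NRATES ((int)(sizeof(rates) / sizeof(rates[0])))

static long round_rate(long want)
{
    for (int i = 0; i < NRATES; i++)
        if (rates[i] >= want)
            return rates[i];
    return rates[NRATES - 1];  /* assumption: requests above the top rate clamp to it */
}

struct model {
    long tbl[MAX_CLK_PERF_LEVEL];  /* plays the role of se->clk_perf_tbl[] */
    long stray;                    /* assumed value located just before tbl[0] */
    int underflow_reads;           /* reads attempted at a negative index */
};

/* Checked accessor: counts a negative index instead of dereferencing it. */
static long tbl_read(struct model *m, int idx)
{
    if (idx >= 0)
        return m->tbl[idx];
    m->underflow_reads++;
    return m->stray;
}

/* Fills the table and returns the entry count; patched=1 adds the i > 0 guard. */
static int build_table(struct model *m, int patched)
{
    long freq = 0;
    int i;
    for (i = 0; i < MAX_CLK_PERF_LEVEL; i++) {
        freq = round_rate(freq + 1);
        if (freq <= 0 || ((!patched || i > 0) && freq == tbl_read(m, i - 1)))
            break;
        m->tbl[i] = freq;
    }
    return i;
}

int main(void)
{
    struct model a = { .stray = 7372800 }, b = a;
    int before = build_table(&a, 0), after = build_table(&b, 1);
    printf("unpatched: %d entries; patched: %d entries\n", before, after);
    return 0;
}
```

In this model, when the value in front of the table happens to equal the first rounded rate, the unguarded check ends the loop at once and the table stays empty; with the guard the same input yields all four rates.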
Source: This report was generated using AI