In the Linux kernel, the following vulnerability has been resolved:

dmaengine: fsl-qdma: init irq after reg initialization

Initialize the qDMA irqs after the registers are configured so that
interrupts that may have been pending from a primary kernel don't get
processed by the irq handler before it is ready to and cause panic with
the following trace:

Call trace:
fsl_qdma_queue_handler+0xf8/0x3e8
__handle_irq_event_percpu+0x78/0x2b0
handle_irq_event_percpu+0x1c/0x68
handle_irq_event+0x44/0x78
handle_fasteoi_irq+0xc8/0x178
generic_handle_irq+0x24/0x38
__handle_domain_irq+0x90/0x100
gic_handle_irq+0x5c/0xb8
el1_irq+0xb8/0x180
_raw_spin_unlock_irqrestore+0x14/0x40
__setup_irq+0x4bc/0x798
request_threaded_irq+0xd8/0x190
devm_request_threaded_irq+0x74/0xe8
fsl_qdma_probe+0x4d4/0xca8
platform_drv_probe+0x50/0xa0
really_probe+0xe0/0x3f8
driver_probe_device+0x64/0x130
device_driver_attach+0x6c/0x78
__driver_attach+0xbc/0x158
bus_for_each_dev+0x5c/0x98
driver_attach+0x20/0x28
bus_add_driver+0x158/0x220
driver_register+0x60/0x110
__platform_driver_register+0x44/0x50
fsl_qdma_driver_init+0x18/0x20
do_one_initcall+0x48/0x258
kernel_init_freeable+0x1a4/0x23c
kernel_init+0x10/0xf8
ret_from_fork+0x10/0x18

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-26788
• https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478
• https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b
• https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99
• https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8
• https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd
• https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1
• https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html