5.5

CVE-2024-57852

firmware: qcom: scm: smc: Handle missing SCM device

In the Linux kernel, the following vulnerability has been resolved:

firmware: qcom: scm: smc: Handle missing SCM device

Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer
dereference") makes it explicit that qcom_scm_get_tzmem_pool() can
return NULL, therefore its users should handle this.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.11.8 < 6.12
LinuxLinux Kernel Version >= 6.12.1 < 6.12.16
LinuxLinux Kernel Version >= 6.13 < 6.13.4
LinuxLinux Kernel Version6.12 Update-
LinuxLinux Kernel Version6.12 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.078
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/57a811c0886f3f3677bb4619502b35b5bb917f2e
Patch
https://git.kernel.org/stable/c/94f48ecf0a538019ca2025e0b0da391f8e7cc58c
Patch
https://git.kernel.org/stable/c/cd955b75849b58b650ca3f87b83bd78cde1da8bc
Patch