5.5
CVE-2024-58084
- EPSS 0.04%
- Veröffentlicht 06.03.2025 17:15:21
- Zuletzt bearbeitet 01.10.2025 20:18:14
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()
In the Linux kernel, the following vulnerability has been resolved:
firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()
Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq
completion variable initialization") introduced a write barrier in probe
function to store global '__scm' variable. We all known barriers are
paired (see memory-barriers.txt: "Note that write barriers should
normally be paired with read or address-dependency barriers"), therefore
accessing it from concurrent contexts requires read barrier. Previous
commit added such barrier in qcom_scm_is_available(), so let's use that
directly.
Lack of this read barrier can result in fetching stale '__scm' variable
value, NULL, and dereferencing it.
Note that barrier in qcom_scm_is_available() satisfies here the control
dependency.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.11 <= 6.12.14
Linux ≫ Linux Kernel Version >= 6.13 <= 6.13.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.109 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.