CVE-2024-57985

Feb. 27, 2025, 2:15 a.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Cleanup global '__scm' on probe failures If SCM driver fails the probe, it should not leave global '__scm' variable assigned, because external users of this driver will assume the probe finished successfully. For example TZMEM parts ('__scm->mempool') are initialized later in the probe, but users of it (__scm_smc_call()) rely on the '__scm' variable. This fixes theoretical NULL pointer exception, triggered via introducing probe deferral in SCM driver with call trace: qcom_tzmem_alloc+0x70/0x1ac (P) qcom_tzmem_alloc+0x64/0x1ac (L) qcom_scm_assign_mem+0x78/0x194 qcom_rmtfs_mem_probe+0x2d4/0x38c platform_probe+0x68/0xc8

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/1e76b546e6fca7eb568161f408133904ca6bcf4f
https://git.kernel.org/stable/c/390d3baeba51a126f75c97b90ec28b9384ce4b84
https://git.kernel.org/stable/c/faf1715798fe72b79e4432ce8c6d03ca69765425

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-02-27
CVE-2024-57985

Timeline

Published: Feb. 27, 2025, 2:15 a.m.
Last Modified: Feb. 27, 2025, 2:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.