CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-57985: firmware: qcom: scm: Cleanup global '__scm' on probe failures

Description

In the Linux kernel, the following vulnerability has been resolved:

firmware: qcom: scm: Cleanup global '__scm' on probe failures

If SCM driver fails the probe, it should not leave global '__scm'
variable assigned, because external users of this driver will assume the
probe finished successfully. For example TZMEM parts ('__scm->mempool')
are initialized later in the probe, but users of it (__scm_smc_call())
rely on the '__scm' variable.

This fixes theoretical NULL pointer exception, triggered via introducing
probe deferral in SCM driver with call trace:

qcom_tzmem_alloc+0x70/0x1ac (P)
qcom_tzmem_alloc+0x64/0x1ac (L)
qcom_scm_assign_mem+0x78/0x194
qcom_rmtfs_mem_probe+0x2d4/0x38c
platform_probe+0x68/0xc8

Classification

CVE ID: CVE-2024-57985

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 3.82% (scored less or equal to compared to others)

EPSS Date: 2025-03-27 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-57985
https://git.kernel.org/stable/c/390d3baeba51a126f75c97b90ec28b9384ce4b84
https://git.kernel.org/stable/c/faf1715798fe72b79e4432ce8c6d03ca69765425
https://git.kernel.org/stable/c/1e76b546e6fca7eb568161f408133904ca6bcf4f

Timeline

2025-02-27 02:40:14 UTC
CVE

firmware: qcom: scm: Cleanup global '__scm' on probe failures