CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-58034: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()

Description

In the Linux kernel, the following vulnerability has been resolved:

memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()

As of_find_node_by_name() release the reference of the argument device
node, tegra_emc_find_node_by_ram_code() releases some device nodes while
still in use, resulting in possible UAFs. According to the bindings and
the in-tree DTS files, the "emc-tables" node is always device's child
node with the property "nvidia,use-ram-code", and the "lpddr2" node is a
child of the "emc-tables" node. Thus utilize the
for_each_child_of_node() macro and of_get_child_by_name() instead of
of_find_node_by_name() to simplify the code.

This bug was found by an experimental verification tool that I am
developing.

[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]

Classification

CVE ID: CVE-2024-58034

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.9% (scored less or equal to compared to others)

EPSS Date: 2025-03-28 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-58034
https://git.kernel.org/stable/c/e9d07e91de140679eeaf275f47ad154467cb9e05
https://git.kernel.org/stable/c/c144423cb07e4e227a8572d5742ca2b36ada770d
https://git.kernel.org/stable/c/3b02273446e23961d910b50cc12528faec649fb2
https://git.kernel.org/stable/c/755e44538c190c31de9090d8e8821d228fcfd416
https://git.kernel.org/stable/c/b9784e5cde1f9fb83661a70e580e381ae1264d12

Timeline

2025-02-27 21:40:14 UTC
CVE

memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()