CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-58084

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq completion variable initialization") introduced a write barrier in probe function to store global '__scm' variable. We all known barriers are paired (see memory-barriers.txt: "Note that write barriers should normally be paired with read or address-dependency barriers"), therefore accessing it from concurrent contexts requires read barrier. Previous commit added such barrier in qcom_scm_is_available(), so let's use that directly. Lack of this read barrier can result in fetching stale '__scm' variable value, NULL, and dereferencing it. Note that barrier in qcom_scm_is_available() satisfies here the control dependency.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.9%

CVSS Severity

CVSS v3 Score 5.5

References

Products affected by CVE-2024-58084

Linux » Linux Kernel » Version: 6.11

cpe:2.3:o:linux:linux_kernel:6.11
Linux » Linux Kernel » Version: 6.11.1

cpe:2.3:o:linux:linux_kernel:6.11.1
Linux » Linux Kernel » Version: 6.11.10

cpe:2.3:o:linux:linux_kernel:6.11.10
Linux » Linux Kernel » Version: 6.11.11

cpe:2.3:o:linux:linux_kernel:6.11.11
Linux » Linux Kernel » Version: 6.11.2

cpe:2.3:o:linux:linux_kernel:6.11.2
Linux » Linux Kernel » Version: 6.11.3

cpe:2.3:o:linux:linux_kernel:6.11.3
Linux » Linux Kernel » Version: 6.11.4

cpe:2.3:o:linux:linux_kernel:6.11.4
Linux » Linux Kernel » Version: 6.11.5

cpe:2.3:o:linux:linux_kernel:6.11.5
Linux » Linux Kernel » Version: 6.11.6

cpe:2.3:o:linux:linux_kernel:6.11.6
Linux » Linux Kernel » Version: 6.11.7

cpe:2.3:o:linux:linux_kernel:6.11.7
Linux » Linux Kernel » Version: 6.11.8

cpe:2.3:o:linux:linux_kernel:6.11.8
Linux » Linux Kernel » Version: 6.11.9

cpe:2.3:o:linux:linux_kernel:6.11.9
Linux » Linux Kernel » Version: 6.12

cpe:2.3:o:linux:linux_kernel:6.12
Linux » Linux Kernel » Version: 6.12.1

cpe:2.3:o:linux:linux_kernel:6.12.1
Linux » Linux Kernel » Version: 6.12.10

cpe:2.3:o:linux:linux_kernel:6.12.10
Linux » Linux Kernel » Version: 6.12.11

cpe:2.3:o:linux:linux_kernel:6.12.11
Linux » Linux Kernel » Version: 6.12.12

cpe:2.3:o:linux:linux_kernel:6.12.12
Linux » Linux Kernel » Version: 6.12.13

cpe:2.3:o:linux:linux_kernel:6.12.13
Linux » Linux Kernel » Version: 6.12.14

cpe:2.3:o:linux:linux_kernel:6.12.14
Linux » Linux Kernel » Version: 6.12.2

cpe:2.3:o:linux:linux_kernel:6.12.2
Linux » Linux Kernel » Version: 6.12.3

cpe:2.3:o:linux:linux_kernel:6.12.3
Linux » Linux Kernel » Version: 6.12.4

cpe:2.3:o:linux:linux_kernel:6.12.4
Linux » Linux Kernel » Version: 6.12.5

cpe:2.3:o:linux:linux_kernel:6.12.5
Linux » Linux Kernel » Version: 6.12.6

cpe:2.3:o:linux:linux_kernel:6.12.6
Linux » Linux Kernel » Version: 6.12.7

cpe:2.3:o:linux:linux_kernel:6.12.7
Linux » Linux Kernel » Version: 6.12.8

cpe:2.3:o:linux:linux_kernel:6.12.8
Linux » Linux Kernel » Version: 6.12.9

cpe:2.3:o:linux:linux_kernel:6.12.9
Linux » Linux Kernel » Version: 6.13

cpe:2.3:o:linux:linux_kernel:6.13
Linux » Linux Kernel » Version: 6.13.1

cpe:2.3:o:linux:linux_kernel:6.13.1
Linux » Linux Kernel » Version: 6.13.2

cpe:2.3:o:linux:linux_kernel:6.13.2
Linux » Linux Kernel » Version: 6.13.3

cpe:2.3:o:linux:linux_kernel:6.13.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-58084

Products

Pricing

Contact Us