CVE-2024-57852

MEDIUM5.5

firmware: qcom: scm: smc: Handle missing SCM device

Published Feb 27, 2025

Modified 7 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: qcom: scm: smc: Handle missing SCM device

Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointer dereference") makes it explicit that qcom_scm_get_tzmem_pool() can return NULL, therefore its users should handle this.

References

WEB

https://git.kernel.org/stable/c/57a811c0886f3f3677bb4619502b35b5bb917f2e

WEB

https://git.kernel.org/stable/c/94f48ecf0a538019ca2025e0b0da391f8e7cc58c

WEB

https://git.kernel.org/stable/c/cd955b75849b58b650ca3f87b83bd78cde1da8bc

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-57852

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedFeb 27, 2025

ModifiedSep 3, 2025