NULL Pointer Dereference Vulnerability in Linux Kernel Firmware by Qualcomm
CVE-2024-57852

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A significant vulnerability in the Linux kernel firmware related to Qualcomm's secure communication management (SCM) has been identified. This issue arises when the function qcom_scm_get_tzmem_pool() fails to return a valid memory pool, returning NULL instead. It emphasizes the necessity for developers to implement proper handling mechanisms to avoid a potential system crash or instability. The vulnerability was resolved in a recent commit, ensuring that all consumers of this function properly address scenarios where a NULL pointer is returned to enhance overall system security and reliability.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 57a811c0886f3f3677bb4619502b35b5bb917f2e

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 94f48ecf0a538019ca2025e0b0da391f8e7cc58c

References

https://git.kernel.org/stable/c/cd955b75849b58b650ca3f87b...

https://git.kernel.org/stable/c/57a811c0886f3f3677bb46195...

https://git.kernel.org/stable/c/94f48ecf0a538019ca2025e0b...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Feb 27, 2025