NULL Pointer Dereference Vulnerability in Linux Kernel Firmware by Qualcomm
CVE-2024-57852

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
27 February 2025

What is CVE-2024-57852?

A significant vulnerability in the Linux kernel firmware related to Qualcomm's secure communication management (SCM) has been identified. This issue arises when the function qcom_scm_get_tzmem_pool() fails to return a valid memory pool, returning NULL instead. It emphasizes the necessity for developers to implement proper handling mechanisms to avoid a potential system crash or instability. The vulnerability was resolved in a recent commit, ensuring that all consumers of this function properly address scenarios where a NULL pointer is returned to enhance overall system security and reliability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux ca61d6836e6f4442a77762e1074d2706a2a6e578

Linux ca61d6836e6f4442a77762e1074d2706a2a6e578 < 57a811c0886f3f3677bb4619502b35b5bb917f2e

Linux ca61d6836e6f4442a77762e1074d2706a2a6e578 < 94f48ecf0a538019ca2025e0b0da391f8e7cc58c

References

https://git.kernel.org/stable/c/cd955b75849b58b650ca3f87b...
https://git.kernel.org/stable/c/57a811c0886f3f3677bb46195...
https://git.kernel.org/stable/c/94f48ecf0a538019ca2025e0b...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.