Linux Kernel Vulnerability in Qualcomm SCM Leading to Potential Data Exposure

CVE-2024-58084

Summary

A vulnerability in the Linux kernel's Qualcomm SCM implementation may lead to improper handling of memory barriers, potentially allowing for the fetching of stale values of the '__scm' variable. This can occur due to missing read barriers that are essential for ensuring data integrity in concurrent contexts. As a result, there is a risk of dereferencing a NULL pointer, which could compromise the stability and security of the system. The issue has since been addressed, but systems running affected versions prior to the fix remain at risk.

References