Bug 2350404 (CVE-2024-58084) - CVE-2024-58084 kernel: firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()
Keywords:
Status: NEW
Alias: CVE-2024-58084
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-03-06 17:02 UTC by OSIDB Bzimport
Modified: 2025-03-07 11:02 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-03-06 17:02:02 UTC
In the Linux kernel, the following vulnerability has been resolved:

firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()

Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq
completion variable initialization") introduced a write barrier in probe
function to store global '__scm' variable.  We all know barriers are
paired (see memory-barriers.txt: "Note that write barriers should
normally be paired with read or address-dependency barriers"), therefore
accessing it from concurrent contexts requires read barrier.  Previous
commit added such barrier in qcom_scm_is_available(), so let's use that
directly.

Lack of this read barrier can result in fetching stale '__scm' variable
value, NULL, and dereferencing it.

Note that barrier in qcom_scm_is_available() satisfies here the control
dependency.
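
The barrier pairing the description refers to, as an added example that is neither the kernel's code nor part of this bug report: a userspace C11 model in which release/acquire atomics stand in for the kernel's write and read barriers. The names `scm_global`, `scm_probe`, `scm_is_available`, `scm_get_pool` and `scm_get_pool_unpaired` are hypothetical.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model with assumed names; not the qcom_scm driver source. */
struct pool { int id; };
struct scm  { struct pool *mempool; };

static _Atomic(struct scm *) scm_global;   /* NULL until probe publishes it */

/* Probe side: initialise the object, then publish the pointer with release
 * semantics so the initialising stores are ordered before the pointer store. */
void scm_probe(struct scm *dev, struct pool *p)
{
	dev->mempool = p;
	atomic_store_explicit(&scm_global, dev, memory_order_release);
}

/* Reader side: this acquire load is the partner of the release store. */
int scm_is_available(void)
{
	return atomic_load_explicit(&scm_global, memory_order_acquire) != NULL;
}

/* Unpaired form: no acquire and no NULL check. A caller that runs before,
 * or races with, scm_probe() can read NULL here and dereference it. */
struct pool *scm_get_pool_unpaired(void)
{
	struct scm *dev = atomic_load_explicit(&scm_global, memory_order_relaxed);
	return dev->mempool;
}

/* Paired form: go through the acquire-load check first, then dereference. */
struct pool *scm_get_pool(void)
{
	struct scm *dev;

	if (!scm_is_available())
		return NULL;
	dev = atomic_load_explicit(&scm_global, memory_order_relaxed);
	return dev->mempool;
}

int main(void)
{
	static struct scm dev;
	static struct pool p = { 7 };   /* constructed sample object */

	printf("before probe: %p\n", (void *)scm_get_pool());
	scm_probe(&dev, &p);
	printf("after probe:  id=%d\n", scm_get_pool()->id);
	return 0;
}
```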

Comment 1 Avinash Hanwate 2025-03-07 05:39:12 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025030634-CVE-2024-58084-16e9@gregkh/T

Comment 4 Avinash Hanwate 2025-03-07 10:58:48 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025030634-CVE-2024-58084-16e9@gregkh/T

