DEBIAN-CVE-2024-58084

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-58084

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-58084.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-58084

Upstream

CVE-2024-58084

Published

2025-03-06T17:15:21Z

Modified

2025-09-19T06:24:48Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Fix missing read barrier in qcomscmgettzmempool() Commit 2e4955167ec5 ("firmware: qcom: scm: Fix scm and waitq completion variable initialization") introduced a write barrier in probe function to store global 'scm' variable. We all known barriers are paired (see memory-barriers.txt: "Note that write barriers should normally be paired with read or address-dependency barriers"), therefore accessing it from concurrent contexts requires read barrier. Previous commit added such barrier in qcomscmisavailable(), so let's use that directly. Lack of this read barrier can result in fetching stale 'scm' variable value, NULL, and dereferencing it. Note that barrier in qcomscmisavailable() satisfies here the control dependency.

References

https://security-tracker.debian.org/tracker/CVE-2024-58084

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}