CVE-2024-58084
📋 TL;DR
This CVE describes a missing read memory barrier in the Linux kernel's Qualcomm SCM firmware driver, specifically in the qcom_scm_get_tzmem_pool() function. The vulnerability could allow concurrent processes to read a stale NULL value from the '__scm' global variable, leading to a NULL pointer dereference and kernel crash. This affects Linux systems using Qualcomm hardware with the vulnerable driver.
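The publish/consume pattern behind this bug, as an added userspace model (not code from the kernel or from this advisory). C11 release/acquire atomics stand in for the kernel's paired barriers, and every name here (scm_global, scm_probe, get_pool_paired, get_pool_unpaired, race_once) is hypothetical.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver's types; this is not kernel code. */
struct tzmem_pool { int id; };
struct scm_dev { struct tzmem_pool *mempool; };

static _Atomic(struct scm_dev *) scm_global;   /* plays the role of __scm */
static struct tzmem_pool pool = { .id = 7 };   /* constructed sample data */
static struct scm_dev dev;

/* Probe side: initialise fully, then publish with release ordering. */
static void *scm_probe(void *unused)
{
    (void)unused;
    dev.mempool = &pool;
    atomic_store_explicit(&scm_global, &dev, memory_order_release);
    return NULL;
}

/* Unpaired reader, for contrast: no acquire ordering and no NULL check,
 * so a call that runs before the publish dereferences NULL. */
struct tzmem_pool *get_pool_unpaired(void)
{
    struct scm_dev *s = atomic_load_explicit(&scm_global, memory_order_relaxed);
    return s->mempool;
}

/* Paired reader: acquire load, then treat "not published yet" as NULL. */
struct tzmem_pool *get_pool_paired(void)
{
    struct scm_dev *s = atomic_load_explicit(&scm_global, memory_order_acquire);
    return s ? s->mempool : NULL;
}

/* Race a probe thread against a polling reader; returns the pool id seen. */
int race_once(void)
{
    pthread_t t;
    struct tzmem_pool *p;
    atomic_store(&scm_global, NULL);           /* reset to pre-probe state */
    if (pthread_create(&t, NULL, scm_probe, NULL) != 0)
        return -1;
    while ((p = get_pool_paired()) == NULL)
        ;                                      /* safe NULL, never a crash */
    pthread_join(t, NULL);
    return p->id;
}

int main(void) { printf("pool id: %d\n", race_once()); return 0; }
```

The acquire load pairs with the release store, so a reader that observes a non-NULL pointer also observes the initialised mempool field; a reader that runs too early gets NULL back instead of faulting.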
💻 Affected Systems
- Linux kernel with Qualcomm SCM firmware driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical access to restart affected devices.
Likely Case
System instability or crashes under specific concurrent access conditions to the SCM firmware interface.
If Mitigated
Minimal impact if systems are not heavily utilizing the affected SCM functions or have proper isolation.
🎯 Exploit Status
Exploitation requires local access and ability to trigger concurrent access to the vulnerable function. No public exploits have been reported.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits b628510397b5cafa1f5d3e848a28affd1c635302, e03db7c1255ebabba5e1a447754faeb138de15a2, fee921e3c641f64185abee83f9a6e65f0b380682
Vendor Advisory: https://git.kernel.org/stable/c/b628510397b5cafa1f5d3e848a28affd1c635302
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Apply kernel security updates from your vendor.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable SCM firmware driver
Remove or blacklist the qcom_scm driver if not required for system functionality
echo 'blacklist qcom_scm' >> /etc/modprobe.d/blacklist.conf
rmmod qcom_scm
🧯 If You Can't Patch
- Restrict local user access to prevent malicious code execution
- Implement strict process isolation and resource limits to reduce concurrent access scenarios
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the qcom_scm module is loaded: lsmod | grep qcom_scm && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version includes the fix commits, or check your distribution's security advisory
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in kernel logs
- System crash/reboot events
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "qcom_scm" OR "kernel panic")