{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-57985", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-27T02:04:28.913Z", "datePublished": "2025-02-27T02:07:09.983Z", "dateUpdated": "2025-05-04T10:07:44.660Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T10:07:44.660Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Cleanup global '__scm' on probe failures\n\nIf SCM driver fails the probe, it should not leave global '__scm'\nvariable assigned, because external users of this driver will assume the\nprobe finished successfully. For example TZMEM parts ('__scm->mempool')\nare initialized later in the probe, but users of it (__scm_smc_call())\nrely on the '__scm' variable.\n\nThis fixes theoretical NULL pointer exception, triggered via introducing\nprobe deferral in SCM driver with call trace:\n\n qcom_tzmem_alloc+0x70/0x1ac (P)\n qcom_tzmem_alloc+0x64/0x1ac (L)\n qcom_scm_assign_mem+0x78/0x194\n qcom_rmtfs_mem_probe+0x2d4/0x38c\n platform_probe+0x68/0xc8"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/qcom/qcom_scm.c"], "versions": [{"version": "40289e35ca525f29a03989352ab207b6a9675475", "lessThan": "390d3baeba51a126f75c97b90ec28b9384ce4b84", "status": "affected", "versionType": "git"}, {"version": "40289e35ca525f29a03989352ab207b6a9675475", "lessThan": "faf1715798fe72b79e4432ce8c6d03ca69765425", "status": "affected", "versionType": "git"}, {"version": "40289e35ca525f29a03989352ab207b6a9675475", "lessThan": "1e76b546e6fca7eb568161f408133904ca6bcf4f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/qcom/qcom_scm.c"], "versions": [{"version": "6.11", "status": "affected"}, {"version": "0", "lessThan": "6.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.13", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.2", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.12.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.13.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/390d3baeba51a126f75c97b90ec28b9384ce4b84"}, {"url": "https://git.kernel.org/stable/c/faf1715798fe72b79e4432ce8c6d03ca69765425"}, {"url": "https://git.kernel.org/stable/c/1e76b546e6fca7eb568161f408133904ca6bcf4f"}], "title": "firmware: qcom: scm: Cleanup global '__scm' on probe failures", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C65B261-0C55-4563-835E-FD44483D02B3", "versionEndExcluding": "6.12.13", "versionStartIncluding": "6.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D4116B1-1BFD-4F23-BA84-169CC05FC5A3", "versionEndExcluding": "6.13.2", "versionStartIncluding": "6.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Cleanup global '__scm' on probe failures\n\nIf SCM driver fails the probe, it should not leave global '__scm'\nvariable assigned, because external users of this driver will assume the\nprobe finished successfully. For example TZMEM parts ('__scm->mempool')\nare initialized later in the probe, but users of it (__scm_smc_call())\nrely on the '__scm' variable.\n\nThis fixes theoretical NULL pointer exception, triggered via introducing\nprobe deferral in SCM driver with call trace:\n\n qcom_tzmem_alloc+0x70/0x1ac (P)\n qcom_tzmem_alloc+0x64/0x1ac (L)\n qcom_scm_assign_mem+0x78/0x194\n qcom_rmtfs_mem_probe+0x2d4/0x38c\n platform_probe+0x68/0xc8"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: qcom: scm: Limpieza de la variable global '__scm' en caso de fallos en la sonda Si el controlador SCM hace que la sonda falle, no deber\u00eda dejar asignada la variable global '__scm', porque los usuarios externos de este controlador asumir\u00e1n que la sonda finaliz\u00f3 correctamente. Por ejemplo, las partes TZMEM ('__scm->mempool') se inicializan m\u00e1s tarde en la sonda, pero los usuarios de esta (__scm_smc_call()) dependen de la variable '__scm'. Esto corrige la excepci\u00f3n te\u00f3rica del puntero NULL, activada mediante la introducci\u00f3n de un aplazamiento de la sonda en el controlador SCM con seguimiento de llamadas: qcom_tzmem_alloc+0x70/0x1ac (P) qcom_tzmem_alloc+0x64/0x1ac (L) qcom_scm_assign_mem+0x78/0x194 qcom_rmtfs_mem_probe+0x2d4/0x38c platform_probe+0x68/0xc8"}], "id": "CVE-2024-57985", "lastModified": "2025-10-23T17:56:25.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-27T02:15:11.703", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e76b546e6fca7eb568161f408133904ca6bcf4f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/390d3baeba51a126f75c97b90ec28b9384ce4b84"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/faf1715798fe72b79e4432ce8c6d03ca69765425"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: firmware: qcom: scm: Cleanup global '__scm' on probe failures", "id": "2348624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348624"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfirmware: qcom: scm: Cleanup global '__scm' on probe failures\nIf SCM driver fails the probe, it should not leave global '__scm'\nvariable assigned, because external users of this driver will assume the\nprobe finished successfully. For example TZMEM parts ('__scm->mempool')\nare initialized later in the probe, but users of it (__scm_smc_call())\nrely on the '__scm' variable.\nThis fixes theoretical NULL pointer exception, triggered via introducing\nprobe deferral in SCM driver with call trace:\nqcom_tzmem_alloc+0x70/0x1ac (P)\nqcom_tzmem_alloc+0x64/0x1ac (L)\nqcom_scm_assign_mem+0x78/0x194\nqcom_rmtfs_mem_probe+0x2d4/0x38c\nplatform_probe+0x68/0xc8"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-57985", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-57985\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57985\nhttps://lore.kernel.org/linux-cve-announce/2025022636-CVE-2024-57985-1f49@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-12T22:45:21.916338+00:00", "updated": "2025-07-12T22:45:21.916387+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}