{"id":"CVE-2024-58084","summary":"firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()\n\nCommit 2e4955167ec5 (\"firmware: qcom: scm: Fix __scm and waitq\ncompletion variable initialization\") introduced a write barrier in probe\nfunction to store global '__scm' variable.  We all known barriers are\npaired (see memory-barriers.txt: \"Note that write barriers should\nnormally be paired with read or address-dependency barriers\"), therefore\naccessing it from concurrent contexts requires read barrier.  Previous\ncommit added such barrier in qcom_scm_is_available(), so let's use that\ndirectly.\n\nLack of this read barrier can result in fetching stale '__scm' variable\nvalue, NULL, and dereferencing it.\n\nNote that barrier in qcom_scm_is_available() satisfies here the control\ndependency.","modified":"2026-04-02T12:25:31.089713Z","published":"2025-03-06T16:22:31.998Z","related":["USN-7521-2"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58084.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/b628510397b5cafa1f5d3e848a28affd1c635302"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e03db7c1255ebabba5e1a447754faeb138de15a2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fee921e3c641f64185abee83f9a6e65f0b380682"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58084.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-58084"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"449d0d84bcd8246b508d07995326d13c54488b8c"},{"fixed":"fee921e3c641f64185abee83f9a6e65f0b380682"},{"fixed":"e03db7c1255ebabba5e1a447754faeb138de15a2"},{"fixed":"b628510397b5cafa1f5d3e848a28affd1c635302"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58084.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}