{"id":"CVE-2024-58084","summary":"firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()\n\nCommit 2e4955167ec5 (\"firmware: qcom: scm: Fix __scm and waitq\ncompletion variable initialization\") introduced a write barrier in probe\nfunction to store global '__scm' variable.  We all know barriers are\npaired (see memory-barriers.txt: \"Note that write barriers should\nnormally be paired with read or address-dependency barriers\"), therefore\naccessing it from concurrent contexts requires read barrier.  Previous\ncommit added such barrier in qcom_scm_is_available(), so let's use that\ndirectly.\n\nLack of this read barrier can result in fetching stale '__scm' variable\nvalue, NULL, and dereferencing it.\n\nNote that barrier in qcom_scm_is_available() satisfies here the control\ndependency.","modified":"2026-03-12T17:40:43.497666Z","published":"2025-03-06T16:22:31.998Z","related":["USN-7521-2"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58084.json","cna_assigner":"Linux"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b628510397b5cafa1f5d3e848a28affd1c635302"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e03db7c1255ebabba5e1a447754faeb138de15a2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fee921e3c641f64185abee83f9a6e65f0b380682"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58084.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-58084"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"449d0d84bcd8246b508d07995326d13c54488b8c"
},{"fixed":"fee921e3c641f64185abee83f9a6e65f0b380682"},{"fixed":"e03db7c1255ebabba5e1a447754faeb138de15a2"},{"fixed":"b628510397b5cafa1f5d3e848a28affd1c635302"}]}],"versions":["v6.10","v6.10-rc2","v6.10-rc3","v6.10-rc4","v6.10-rc5","v6.10-rc6","v6.10-rc7","v6.11","v6.11-rc1","v6.11-rc2","v6.11-rc3","v6.11-rc4","v6.11-rc5","v6.11-rc6","v6.11-rc7","v6.12","v6.12-rc1","v6.12-rc2","v6.12-rc3","v6.12-rc4","v6.12-rc5","v6.12-rc6","v6.12-rc7","v6.12.1","v6.12.10","v6.12.11","v6.12.12","v6.12.13","v6.12.2","v6.12.3","v6.12.4","v6.12.5","v6.12.6","v6.12.7","v6.12.8","v6.12.9","v6.13","v6.13-rc1","v6.13-rc2","v6.13-rc3","v6.13-rc4","v6.13-rc5","v6.13-rc6","v6.13-rc7","v6.13.1","v6.13.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58084.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}