Executive Summary

Informations
Name CVE-2024-58081 First vendor Publication 2025-03-06
Vendor Cve Last vendor Modification 2025-03-25

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

clk: mmp2: call pm_genpd_init() only after genpd.name is set

Setting the genpd's struct device's name with dev_set_name() is happening within pm_genpd_init(). If it remains NULL, things can blow up later, such as when crafting the devfs hierarchy for the power domain:

Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
...
Call trace:
strlen from start_creating+0x90/0x138
start_creating from debugfs_create_dir+0x20/0x178
debugfs_create_dir from genpd_debug_add.part.0+0x4c/0x144
genpd_debug_add.part.0 from genpd_debug_init+0x74/0x90
genpd_debug_init from do_one_initcall+0x5c/0x244
do_one_initcall from kernel_init_freeable+0x19c/0x1f4
kernel_init_freeable from kernel_init+0x1c/0x12c
kernel_init from ret_from_fork+0x14/0x28

Bisecting tracks this crash back to commit 899f44531fe6 ("pmdomain: core: Add GENPD_FLAG_DEV_NAME_FW flag"), which exchanges use of genpd->name with dev_name(&genpd->dev) in genpd_debug_add.part().

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58081

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3701

Sources (Detail)

https://git.kernel.org/stable/c/763517124e27b07fa300b486d7d13c5d563a215e
https://git.kernel.org/stable/c/e24b15d4704dcb73920c3d18a6157abd18df08c1
https://git.kernel.org/stable/c/eca01d5911fb34218d10a58d8d9534b758c8fd0a
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2025-03-28 17:20:48
  • Multiple Updates
2025-03-28 13:48:15
  • Multiple Updates
2025-03-28 03:22:52
  • Multiple Updates
2025-03-25 17:20:37
  • Multiple Updates
2025-03-06 21:20:32
  • First insertion