Executive Summary

Informations
Name CVE-2024-58068 First vendor Publication 2025-03-06
Vendor Cve Last vendor Modification 2025-03-25

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized

If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were missing in the OPP consumer node, the kernel will crash with:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 ... pc : _read_bw+0x8/0x10 lr : _opp_table_find_key+0x9c/0x174 ... Call trace:
_read_bw+0x8/0x10 (P)
_opp_table_find_key+0x9c/0x174 (L)
_find_key+0x98/0x168
dev_pm_opp_find_bw_ceil+0x50/0x88 ...

In order to fix the crash, create an assert function to check if the bandwidth table was created before trying to get a bandwidth with _read_bw().

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3701

Sources (Detail)

https://git.kernel.org/stable/c/5165486681dbd67b61b975c63125f2a5cb7f96d1
https://git.kernel.org/stable/c/84ff05c9bd577157baed711a4f0b41206593978b
https://git.kernel.org/stable/c/8532fd078d2a5286915d03bb0a0893ee1955acef
https://git.kernel.org/stable/c/b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e
https://git.kernel.org/stable/c/ff2def251849133be6076a7c2d427d8eb963c223
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2025-03-28 17:20:49
  • Multiple Updates
2025-03-28 13:48:14
  • Multiple Updates
2025-03-28 03:22:51
  • Multiple Updates
2025-03-25 17:20:48
  • Multiple Updates
2025-03-06 21:20:32
  • First insertion