CVE-2024-53069: Resolved Linux Kernel Vulnerability - Firmware Qcom SCM NULL Pointer Dereference

In the world of cybersecurity, fixing vulnerabilities is essential to keep our systems secure from potential attacks. Recently, a critical vulnerability was discovered in the Linux kernel and has been resolved successfully. The bug, identified as CVE-2024-53069, involves the firmware, Qualcomm (qcom), and secure channel manager (scm) components that cause a NULL-pointer dereference issue.

In this post, we'll discuss the details of this vulnerability, provide a code snippet demonstrating the fix, and add original references for deeper understanding. So, let's dive in!

Exploit Details

The vulnerability exists in the Linux kernel's handling of Qualcomm's firmware and secure channel manager (scm) drivers. Specifically, under certain conditions, some SCM calls can be invoked when the _scm variable is NULL, which means the driver may have not been probed or won't be probed as there isn't an SCM entry in the device-tree. This can potentially lead to a NULL pointer dereference, causing system instability, crashes, and potential security risks.

Code Snippet

The fix for this vulnerability can be seen in the diff provided below, which demonstrates how to handle the NULL-pointer dereference scenario properly:

--- a/drivers/firmware/qcom_scm-32.c
+++ b/drivers/firmware/qcom_scm-32.c
@@ -163,6 +163,10 @@ static int __qcom_scm_call32(struct qcom_scm_call *call)
 {
 	struct qcom_scm_device *scm = __scm;
 
+	if (!scm) {
+		pr_err("__scm is NULL");
+		return -ENODEV;
+	}
 	return qcom_scm_call(scm->dev, call);
 }

As seen in the diff, the addition of

if (!scm) {
	pr_err("__scm is NULL");
	return -ENODEV;
}

Ensures that the code running below it won't dereference a NULL pointer, avoiding the crash scenario and addressing the vulnerability.

Original References

To explore this issue further and review the original patch for this vulnerability, refer to the following links:

- Linux Kernel Mailing List (LKML)
- Patchwork - Patch Tracking System
- GitHub Commit

Conclusion

CVE-2024-53069 highlights the importance of staying vigilant in the ever-evolving world of cybersecurity. Thanks to the diligence and quick response of the Linux kernel developers, this vulnerability has been addressed and resolved. As always, it is crucial to keep systems up to date with the latest patches and updates to ensure our digital world remains safe and secure.

Timeline

Published on: 11/19/2024 18:15:26 UTC
Last modified on: 11/22/2024 22:26:20 UTC