CVE-2024-58034
"NVIDIA Tegra20 Linux Kernel Uninitialized Pointer Dereference Vulnerability"
Description
In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() As of_find_node_by_name() release the reference of the argument device node, tegra_emc_find_node_by_ram_code() releases some device nodes while still in use, resulting in possible UAFs. According to the bindings and the in-tree DTS files, the "emc-tables" node is always device's child node with the property "nvidia,use-ram-code", and the "lpddr2" node is a child of the "emc-tables" node. Thus utilize the for_each_child_of_node() macro and of_get_child_by_name() instead of of_find_node_by_name() to simplify the code. This bug was found by an experimental verification tool that I am developing. [krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]
INFO
Published Date :
Feb. 27, 2025, 8:16 p.m.
Last Modified :
March 21, 2025, 6:31 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Update the Linux kernel to the latest version.
- Verify the patch for tegra20-emc memory component.
- Recompile and deploy the kernel.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-58034.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-58034 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-58034
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-58034 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-58034 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Mar. 21, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.13.2 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.76 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.13 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.129 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.0 up to (excluding) 5.15.179 Added Reference Type kernel.org: https://git.kernel.org/stable/c/3b02273446e23961d910b50cc12528faec649fb2 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/755e44538c190c31de9090d8e8821d228fcfd416 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/b9784e5cde1f9fb83661a70e580e381ae1264d12 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/c144423cb07e4e227a8572d5742ca2b36ada770d Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/c3def10c610ae046aaa61d00528e7bd15e4ad8d3 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/e9d07e91de140679eeaf275f47ad154467cb9e05 Types: Patch -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mar. 13, 2025
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/c3def10c610ae046aaa61d00528e7bd15e4ad8d3 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Mar. 04, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-416 -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Feb. 27, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() As of_find_node_by_name() release the reference of the argument device node, tegra_emc_find_node_by_ram_code() releases some device nodes while still in use, resulting in possible UAFs. According to the bindings and the in-tree DTS files, the "emc-tables" node is always device's child node with the property "nvidia,use-ram-code", and the "lpddr2" node is a child of the "emc-tables" node. Thus utilize the for_each_child_of_node() macro and of_get_child_by_name() instead of of_find_node_by_name() to simplify the code. This bug was found by an experimental verification tool that I am developing. [krzysztof: applied v1, adjust the commit msg to incorporate v2 parts] Added Reference https://git.kernel.org/stable/c/3b02273446e23961d910b50cc12528faec649fb2 Added Reference https://git.kernel.org/stable/c/755e44538c190c31de9090d8e8821d228fcfd416 Added Reference https://git.kernel.org/stable/c/b9784e5cde1f9fb83661a70e580e381ae1264d12 Added Reference https://git.kernel.org/stable/c/c144423cb07e4e227a8572d5742ca2b36ada770d Added Reference https://git.kernel.org/stable/c/e9d07e91de140679eeaf275f47ad154467cb9e05