CVE-2024-58068

MEDIUM EPSS 6.4%
Published Mar 6, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Mar 6, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were missing in the OPP consumer node, the kernel will crash with: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 ... pc : _read_bw+0x8/0x10 lr : _opp_table_find_key+0x9c/0x174 ... Call trace: _read_bw+0x8/0x10 (P) _opp_table_find_key+0x9c/0x174 (L) _find_key+0x98/0x168 dev_pm_opp_find_bw_ceil+0x50/0x88 ... In order to fix the crash, create an assert function to check if the bandwidth table was created before trying to get a bandwidth with _read_bw().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥6.0  –  <6.1.129
linuxlinux_kernel*≥6.2  –  <6.6.76
linuxlinux_kernel*≥6.7  –  <6.12.13
linuxlinux_kernel*≥6.13  –  <6.13.2

References 6

  • git.kernel.org https://git.kernel.org/stable/c/5165486681dbd67b61b975c63125f2a5cb7f96d1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/84ff05c9bd577157baed711a4f0b41206593978b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8532fd078d2a5286915d03bb0a0893ee1955acef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff2def251849133be6076a7c2d427d8eb963c223
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5165486681dbd67b61b975c63125f2a5cb7f96d1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/84ff05c9bd577157baed711a4f0b41206593978b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8532fd078d2a5286915d03bb0a0893ee1955acef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff2def251849133be6076a7c2d427d8eb963c223
    Patch