Linux Kernel Read Barrier Vulnerability in Qualcomm SCM Firmware Handling

Vulnerability

A vulnerability in the Linux kernel's handling of Qualcomm Secure Control Manager (SCM) firmware can lead to dereferencing a NULL pointer. This issue arises from a missing read barrier in the function qcom_scm_get_tzmem_pool(), which is necessary for accessing the global '__scm' variable from concurrent contexts. The lack of this barrier can cause the function to retrieve a stale value, resulting in a NULL dereference.

Impact

The vulnerability can lead to a NULL pointer dereference, potentially causing a system crash or other unintended behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Read Barrier Vulnerability in Qualcomm SCM Firmware Handling

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating