CVE-2024-57985: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57985 is a vulnerability in the Linux kernel's Qualcomm SCM (Secure Channel Manager) driver that was discovered and resolved in February 2025. The issue occurs when the SCM driver fails during probe operations, where it incorrectly leaves the global '__scm' variable assigned, leading to potential NULL pointer exceptions. This vulnerability affects the firmware component of the Qualcomm SCM driver in the Linux kernel (Kernel Git).

The vulnerability stems from a cleanup issue in the SCM driver's probe failure handling. When the driver fails during probe operations, it doesn't properly clean up the global 'scm' variable, which external users of the driver assume indicates successful probe completion. Specifically, TZMEM parts ('scm->mempool') are initialized later in the probe, but users of it (scmsmccall()) rely on the 'scm' variable. This can lead to a theoretical NULL pointer exception, particularly when probe deferral is introduced in the SCM driver (Kernel Git).

The vulnerability can result in NULL pointer exceptions in the system, potentially affecting the stability and security of systems using the Qualcomm SCM driver. The issue specifically impacts the TrustZone memory allocation functionality, which is critical for secure operations (Kernel Git).

The issue has been fixed through a patch that properly cleans up the global 'scm' variable on probe failures. The fix includes adding proper error handling and implementing smpstorerelease to ensure proper cleanup of the 'scm' variable when probe operations fail (Kernel Git).