CVE-2024-58022: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-58022 affects the Linux kernel's mailbox subsystem, specifically the T-head TH1520 Mailbox driver. The vulnerability was discovered on February 27, 2025, and involves an incorrect error handling in the devmioremap() function where it checks for ISERR() instead of NULL return value (NVD).

The vulnerability stems from a mismatch in error checking logic in the mailbox-th1520.c driver. The devmioremap() function returns NULL on error, but the code incorrectly used ISERR() to check for errors. This has been fixed by updating the error checking to properly handle NULL returns and return ERR_PTR(-ENOMEM) in case of mapping failure (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability affects system availability through incorrect error handling in the mailbox driver. It has no impact on confidentiality or integrity, but could potentially lead to system instability or crashes when the mailbox driver fails to properly handle resource mapping errors (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves updating the error checking logic in the TH1520 mailbox driver to properly handle NULL returns from devm_ioremap(). The patch has been committed to the kernel repository and is available in version 6.13.2 (Kernel Patch).