CVE-2024-58034: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-58034 affects the Linux kernel's Tegra20 EMC driver. The vulnerability was discovered in December 2024 and involves a Use-After-Free (UAF) bug in the tegra_emc_find_node_by_ram_code() function. The issue occurs when of_find_node_by_name() releases the reference of the argument device node while some device nodes are still in use (NVD).

The vulnerability exists in the Linux kernel's memory subsystem, specifically in the Tegra20 EMC driver. The issue stems from incorrect handling of device node references in the tegra_emc_find_node_by_ram_code() function. According to the bindings and in-tree DTS files, the 'emc-tables' node is always a device's child node with the property 'nvidia,use-ram-code', and the 'lpddr2' node is a child of the 'emc-tables' node. The bug was identified by an experimental verification tool and has been assigned a CVSS v3.1 Base Score of 7.8 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability could lead to Use-After-Free conditions in the Linux kernel's memory management system for Tegra devices. This could potentially result in system crashes, memory corruption, or privilege escalation (NVD).

A fix has been implemented by replacing the use of of_find_node_by_name() with for_each_child_of_node() macro and of_get_child_by_name() to properly handle node references. The patch has been merged into various Linux kernel versions (Kernel Commit).