CVE-2024-58068: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-58068 is a vulnerability in the Linux kernel's Operating Performance Point (OPP) subsystem, discovered and disclosed on March 6, 2025. The issue occurs when a driver calls dev_pm_opp_find_bw_ceil/floor() to retrieve bandwidth from the OPP table but the bandwidth table was not initialized due to missing interconnect properties in the OPP consumer node (NVD, Ubuntu).

The vulnerability manifests as a NULL pointer dereference at virtual address 0000000000000004 in the _read_bw function. The issue occurs in the call trace sequence: _read_bw+0x8/0x10 (P) -> _opp_table_find_key+0x9c/0x174 (L) -> _find_key+0x98/0x168 -> dev_pm_opp_find_bw_ceil+0x50/0x88. The root cause was traced to a missing check for bandwidth table initialization before attempting to access it (Kernel Commit).

When triggered, this vulnerability causes a kernel crash due to the NULL pointer dereference, potentially leading to system instability and denial of service conditions (NVD).

The issue has been fixed by implementing an assert function (assert_bandwidth_index) to check if the bandwidth table was created before attempting to get a bandwidth with _read_bw(). The fix was implemented in the kernel commit b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e and has been backported to various stable kernel versions (Kernel Commit).