CVE-2024-58081: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-58081 is a vulnerability in the Linux kernel affecting the clock (clk) subsystem, specifically in the MMP2 power domain initialization. The vulnerability was discovered and disclosed on March 6, 2025, affecting the Linux kernel's power management functionality (NVD).

The vulnerability occurs in the Linux kernel's MMP2 clock driver where pm_genpd_init() is called before setting the genpd.name field. The issue stems from the fact that the generic power domain's struct device name is set with dev_set_name() within pm_genpd_init(). If the name remains NULL, it can cause a kernel NULL pointer dereference when creating the devfs hierarchy for the power domain. The issue was traced back to commit 899f44531fe6 which introduced the GENPD_FLAG_DEV_NAME_FW flag (Kernel Commit). According to Red Hat's assessment, this vulnerability has been assigned a CVSS v3 Base Score of 5.5 (Red Hat).

When exploited, this vulnerability can cause a kernel NULL pointer dereference, potentially leading to a system crash. The issue manifests during the system initialization process when creating the power domain debug filesystem hierarchy (Kernel Commit).

The vulnerability has been fixed by modifying the initialization sequence to ensure genpd.name is set before calling pm_genpd_init(). The fix has been implemented in the Linux kernel and is available through various distribution updates. Debian has marked this as fixed in multiple versions including 5.10.234-1 for bullseye, 6.1.129-1 for bookworm, and 6.12.17-1 for sid/trixie (Debian Tracker).