CVE-2024-58086: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-58086 affects the Linux kernel's DRM (Direct Rendering Manager) subsystem, specifically the V3D performance monitoring component. The vulnerability was discovered in November 2024 and publicly disclosed in March 2025. The issue affects Linux kernel versions that include the V3D DRM driver, particularly versions from 5.15 onwards (Kernel Git).

The vulnerability exists in the V3D DRM driver's performance monitoring system where the active performance monitor (v3d->active_perfmon) is not properly stopped when being destroyed. This leads to a stale pointer condition as the active perfmon is not stopped during destruction. The issue has been assigned a CVSS v3.1 score of 4.4 (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) and is categorized under CWE-20 (Red Hat XML).

The vulnerability can lead to undefined behavior and system instability when the performance monitor is destroyed without being properly stopped. This primarily affects systems using the V3D DRM driver for graphics operations (Debian Tracker).

A fix has been implemented that ensures the active performance monitor is stopped before being destroyed. The patch has been merged into the mainline kernel and backported to affected stable versions. Fixed versions include Linux 5.10.234-1 for Debian bullseye, 6.1.129-1 for bookworm, and 6.12.17-1 for sid/trixie (Debian Tracker).