PT-2024-26831 · Linux+3 · Linux Kernel+3

Published: 2024-04-06 · Updated: 2024-08-13 · CVE-2024-35994

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is related to the QSEECOM APP SEND command, which expects both request and response buffers to be in a single memory region. Failure to adhere to this has resulted in either no response being written to the response buffer, the SCM call failing with EINVAL, or the device being hard-reset. This issue can be triggered deterministically but seems to happen rather sporadically. The problem is likely due to the two kzalloc() calls for request and response being directly after each other, which means they likely return consecutive regions most of the time. To fix this, a single memory region for both request and response buffers should be allocated, properly aligning both structs inside it. This also means that the qcom_scm_qseecom_app_send() interface needs to be restructured, as it should no longer map the DMA regions separately.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
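
The fix outlined in the Description, sketched in user-space C as an added example (not the kernel patch and not code from this page): one allocation holds both buffers, with the response placed at the next aligned offset after the request. The names shm_layout, shm_layout_init and shm_alloc are hypothetical, and aligned_alloc() stands in for the kernel's DMA allocation.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; user-space stand-in for a DMA allocation. */
struct shm_layout {
    size_t req_off, rsp_off, total;
};

/* Place the request at offset 0 and the response at the next aligned offset. */
int shm_layout_init(struct shm_layout *l, size_t req_size, size_t rsp_size,
                    size_t align)
{
    /* Alignment must be a non-zero power of two; empty buffers are rejected. */
    if (!l || !req_size || !rsp_size || !align || (align & (align - 1)))
        return -EINVAL;
    /* Round req_size up to the alignment, rejecting wrap-around. */
    if (req_size > SIZE_MAX - (align - 1))
        return -EOVERFLOW;
    size_t rsp_off = (req_size + align - 1) & ~(align - 1);
    if (rsp_size > SIZE_MAX - rsp_off)
        return -EOVERFLOW;
    l->req_off = 0;
    l->rsp_off = rsp_off;
    l->total = rsp_off + rsp_size;
    return 0;
}

/* One zeroed allocation backs both buffers; the caller frees *base. */
int shm_alloc(const struct shm_layout *l, size_t align, void **base,
              void **req, void **rsp)
{
    /* aligned_alloc() wants the size to be a multiple of the alignment. */
    if (l->total > SIZE_MAX - (align - 1))
        return -EOVERFLOW;
    size_t padded = (l->total + align - 1) & ~(align - 1);
    void *p = aligned_alloc(align, padded);
    if (!p)
        return -ENOMEM;
    memset(p, 0, padded);
    *base = p;
    *req = (char *)p + l->req_off;
    *rsp = (char *)p + l->rsp_off;
    return 0;
}
```

Because both pointers are derived from one base, the request and response cannot end up in separate regions regardless of what else the allocator is doing.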

Exploit

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2026-04265
CVE-2024-35994
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Ubuntu