CVE-2024-58068 in Linux
Summary
by MITRE • 03/06/2025
In the Linux kernel, the following vulnerability has been resolved:
OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were missing in the OPP consumer node, the kernel will crash with:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 ... pc : _read_bw+0x8/0x10 lr : _opp_table_find_key+0x9c/0x174 ... Call trace: _read_bw+0x8/0x10 (P) _opp_table_find_key+0x9c/0x174 (L) _find_key+0x98/0x168 dev_pm_opp_find_bw_ceil+0x50/0x88 ...
In order to fix the crash, create an assert function to check if the bandwidth table was created before trying to get a bandwidth with _read_bw().
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 02/16/2026
This vulnerability exists within the Linux kernel's Operating Performance Points (OPP) subsystem where improper handling of bandwidth table initialization leads to a critical null pointer dereference. The issue specifically affects drivers that attempt to retrieve bandwidth information from OPP tables using dev_pm_opp_find_bw_ceil() or dev_pm_opp_find_bw_floor() functions. When the OPP consumer node lacks interconnect properties required to create the bandwidth table, the kernel fails to validate table initialization before attempting to access bandwidth data, resulting in an immediate system crash. This represents a classic null pointer dereference scenario that violates fundamental memory safety principles and can be classified under CWE-476 which addresses NULL pointer dereference vulnerabilities.
The technical flaw manifests in the kernel's OPP subsystem where the _read_bw() function is invoked without proper validation of the bandwidth table's existence. The crash occurs at virtual address 0000000000000004 which is a clear indicator of attempting to access a null pointer, specifically when the bandwidth table pointer has not been properly initialized due to missing interconnect properties in the device tree. The call trace reveals the execution path leading to the failure, with _read_bw() being called through _opp_table_find_key() and ultimately from dev_pm_opp_find_bw_ceil(), demonstrating how the vulnerability propagates through the kernel's power management subsystem. This type of vulnerability aligns with ATT&CK technique T1547.001 which involves privilege escalation through kernel-level exploits.
The operational impact of this vulnerability is severe as it can cause immediate system crashes or panics when drivers attempt to query bandwidth information from improperly initialized OPP tables. This affects systems that rely on dynamic power management and performance scaling, particularly mobile devices, embedded systems, and servers where OPP is used for power optimization. The vulnerability is exploitable by any driver or subsystem that makes calls to dev_pm_opp_find_bw_* functions without proper initialization checks, potentially leading to denial of service conditions or system instability. In production environments, this could result in unexpected reboots or complete system unresponsiveness during power management operations.
The fix implemented addresses this vulnerability by introducing an assert function that validates bandwidth table initialization before attempting to access bandwidth data through _read_bw(). This defensive programming approach ensures that the kernel checks for table existence before proceeding with bandwidth retrieval operations, preventing the null pointer dereference that previously caused system crashes. The solution follows established kernel development practices for handling optional subsystem features and demonstrates proper error handling for cases where expected resources are not available. This fix aligns with kernel security best practices and follows the principle of validating all inputs and preconditions before executing potentially dangerous operations, thereby reducing the attack surface and improving overall system stability in power management scenarios.