CVE-2024-58075 in Linuxinfo

Summary

by MITRE • 03/06/2025

In the Linux kernel, the following vulnerability has been resolved:

crypto: tegra - do not transfer req when tegra init fails

The tegra_cmac_init or tegra_sha_init function may return an error when memory is exhausted. It should not transfer the request when they return an error.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 02/16/2026

The vulnerability identified as CVE-2024-58075 resides within the Linux kernel's cryptographic subsystem, specifically affecting the Tegra hardware-based cryptography implementation. This issue manifests in the tegra_cmac_init and tegra_sha_init functions which are responsible for initializing cryptographic operations on Tegra processor architectures. The flaw represents a critical memory management oversight where the kernel fails to properly handle initialization errors, potentially leading to system instability and security implications. When these initialization functions encounter memory exhaustion conditions, they return error codes indicating failure, yet the kernel continues to process and transfer cryptographic requests despite these failures. This behavior creates a dangerous state where incomplete cryptographic operations may be executed or where system resources become improperly managed, potentially exposing the system to denial of service conditions or data corruption scenarios.

The technical root cause of this vulnerability stems from improper error handling within the Tegra cryptographic driver implementation. According to CWE-252, this represents an "Unchecked Return Value" vulnerability where the return status of initialization functions is not properly validated before proceeding with subsequent operations. The flaw directly impacts the kernel's cryptographic framework by allowing request processing to continue even when underlying hardware or memory initialization has failed. This type of error handling failure falls under the ATT&CK technique T1499.004 for "Trusted Path" and T1070.006 for "Indicator Removal on Host" as it can lead to system instability that may obscure legitimate security events or create conditions where malicious actors could exploit the inconsistent state. The vulnerability specifically affects systems utilizing Tegra processors where hardware-based cryptographic acceleration is enabled, making it particularly relevant for mobile devices, embedded systems, and automotive platforms that rely on NVIDIA's Tegra chipsets for security operations.

The operational impact of CVE-2024-58075 extends beyond simple system instability to encompass potential security risks and service availability concerns. When memory exhaustion occurs during cryptographic initialization, the system may enter an inconsistent state where requests are transferred without proper cryptographic context, potentially leading to data integrity issues or information disclosure vulnerabilities. This vulnerability could be exploited by malicious actors to create denial of service conditions by triggering memory exhaustion scenarios that cause the cryptographic subsystem to fail in a manner that affects overall system stability. The risk is particularly elevated in environments where cryptographic operations are frequently performed or where systems are under memory pressure. The flaw affects systems running Linux kernels with Tegra cryptographic support, potentially impacting a wide range of devices including smartphones, tablets, embedded systems, and automotive platforms that utilize NVIDIA's Tegra processors. Additionally, the vulnerability may compound other security issues by creating unpredictable system behavior that could interfere with security monitoring or incident response procedures.

Mitigation strategies for CVE-2024-58075 focus on implementing proper error handling and system updates to address the specific memory management flaw in the Tegra cryptographic driver. System administrators should prioritize applying kernel updates that contain the fix for this vulnerability, which typically involves modifying the tegra_cmac_init and tegra_sha_init functions to properly validate return values and prevent request transfer when initialization fails. The fix aligns with security best practices outlined in NIST SP 800-53 and ISO 27001 controls for proper error handling and resource management. Organizations should also implement monitoring for memory exhaustion conditions and cryptographic operation failures as part of their security operations center procedures. Additional defensive measures include implementing proper resource limits for cryptographic operations, configuring system memory management to prevent excessive memory allocation during initialization phases, and establishing robust logging for cryptographic subsystem failures. The vulnerability resolution specifically addresses the improper state transition that occurs when cryptographic requests are transferred despite initialization errors, ensuring that all initialization failures properly terminate request processing and maintain system stability. This remediation approach directly addresses the ATT&CK technique T1566.001 for "Phishing" and T1499.004 for "Trusted Path" by preventing exploitation through system instability that could be leveraged for more sophisticated attacks.

Responsible

Linux

Reservation

03/06/2025

Disclosure

03/06/2025

Moderation

accepted

CPE

ready

EPSS

0.00169

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!