CVE-2024-35994: Vulnerability in the Linux kernel (vendor: Linux)
In the Linux kernel, the following vulnerability has been resolved:

firmware: qcom: uefisecapp: Fix memory related IO errors and crashes

It turns out that while the QSEECOM APP_SEND command has specific fields for request and response buffers, uefisecapp expects them both to be in a single memory region. Failure to adhere to this has (so far) resulted in either no response being written to the response buffer (causing an EIO to be emitted down the line), the SCM call to fail with EINVAL (i.e., directly from TZ/firmware), or the device to be hard-reset.

While this issue can be triggered deterministically, in the current form it seems to happen rather sporadically (which is why it has gone unnoticed during earlier testing). This is likely due to the two kzalloc() calls (for request and response) being directly after each other, which means that those likely return consecutive regions most of the time, especially when not much else is going on in the system.

Fix this by allocating a single memory region for both request and response buffers, properly aligning both structs inside it. This unfortunately also means that the qcom_scm_qseecom_app_send() interface needs to be restructured, as it should no longer map the DMA regions separately. Therefore, move the responsibility of DMA allocation (or mapping) to the caller.
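The commit message describes the fix only in words: one allocation instead of two, with both structs placed at aligned offsets inside it, so that the response buffer always lies in the same region as the request. The user-space C program below is an added illustration of that layout discipline; it is not the kernel's code, and the `app_req`/`app_rsp` struct definitions, the 64-byte alignment and the function names are all assumptions made for the example (the real uefisecapp structures and the driver's alignment are not on this page). It computes the single-region layout, allocates it zero-filled the way kzalloc() would, and checks the invariant the firmware relies on for both the old two-allocation pattern and the new single-region one.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical request/response layouts, constructed for this example only.
 * The real uefisecapp structures are not shown on the page. */
struct app_req { uint32_t cmd; uint32_t len;    uint8_t payload[20]; };
struct app_rsp { uint32_t cmd; uint32_t status; uint8_t data[24];    };

/* Alignment of each sub-buffer inside the region: an assumed value for the
 * example, not one taken from the driver. Must be a power of two. */
#define REGION_ALIGN 64u

static size_t align_up(size_t n, size_t a) { return (n + a - 1) & ~(a - 1); }

/* One allocation that holds both buffers, plus the offset of each struct. */
struct app_region {
    uint8_t *base;     /* start of the single allocation */
    size_t   size;     /* total bytes allocated */
    size_t   req_off;  /* request struct offset (always 0 here) */
    size_t   rsp_off;  /* response struct offset, aligned */
};

/* Compute the layout: request first, response at the next aligned offset,
 * total size rounded up to the alignment so aligned_alloc() accepts it. */
int app_region_layout(size_t req_size, size_t rsp_size, size_t align,
                      struct app_region *r)
{
    if (align == 0 || (align & (align - 1)) != 0)
        return -1;                              /* not a power of two */
    r->req_off = 0;
    r->rsp_off = align_up(req_size, align);
    r->size    = align_up(r->rsp_off + rsp_size, align);
    return 0;
}

/* Allocate the region and hand back typed pointers into it. */
int app_region_alloc(struct app_region *r, struct app_req **req,
                     struct app_rsp **rsp)
{
    if (app_region_layout(sizeof **req, sizeof **rsp, REGION_ALIGN, r) != 0)
        return -1;
    r->base = aligned_alloc(REGION_ALIGN, r->size);
    if (!r->base)
        return -1;
    memset(r->base, 0, r->size);                /* zero-filled, like kzalloc() */
    *req = (struct app_req *)(r->base + r->req_off);
    *rsp = (struct app_rsp *)(r->base + r->rsp_off);
    return 0;
}

void app_region_free(struct app_region *r) { free(r->base); r->base = NULL; }

/* The invariant the firmware expects: both [req, req+req_size) and
 * [rsp, rsp+rsp_size) lie inside one region. Returns 1 if so, else 0.
 * Addresses are compared as integers so the check is well-defined even when
 * the pointers come from different allocations. */
int buffers_in_one_region(const void *region_base, size_t region_size,
                          const void *req, size_t req_size,
                          const void *rsp, size_t rsp_size)
{
    uintptr_t b = (uintptr_t)region_base, e = b + region_size;
    uintptr_t p = (uintptr_t)req, q = (uintptr_t)rsp;
    return p >= b && p + req_size <= e && q >= b && q + rsp_size <= e;
}

/* Pre-fix pattern: two independent allocations. Whether they end up adjacent
 * is up to the allocator, so the invariant is never guaranteed; measured
 * against the request's own allocation it cannot hold at all. */
int separate_allocs_hold_invariant(void)
{
    struct app_req *req = calloc(1, sizeof *req);
    struct app_rsp *rsp = calloc(1, sizeof *rsp);
    int ok = req && rsp && buffers_in_one_region(req, sizeof *req,
                                                 req, sizeof *req,
                                                 rsp, sizeof *rsp);
    free(req);
    free(rsp);
    return ok;
}

/* Post-fix pattern: one region, both structs inside it, response aligned. */
int single_region_holds_invariant(void)
{
    struct app_region r;
    struct app_req *req;
    struct app_rsp *rsp;
    if (app_region_alloc(&r, &req, &rsp) != 0)
        return 0;
    int ok = buffers_in_one_region(r.base, r.size, req, sizeof *req,
                                   rsp, sizeof *rsp)
             && ((uintptr_t)rsp % REGION_ALIGN) == 0;
    app_region_free(&r);
    return ok;
}

int main(void)
{
    printf("two separate allocations satisfy invariant: %d\n",
           separate_allocs_hold_invariant());
    printf("single aligned region satisfies invariant:  %d\n",
           single_region_holds_invariant());
    return 0;
}
```

With the assumed 28-byte request and 32-byte response, the layout puts the response at offset 64 in a 128-byte region. The point carried over from the commit is that the contiguity must be a property of the allocation itself, not a coincidence of two kzalloc() calls landing next to each other, which is exactly why the fix moves allocation to the caller and maps the region once.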
AI Analysis
Technical Summary
CVE-2024-35994 is a vulnerability identified in the Linux kernel's Qualcomm Secure Execution Environment Communication (QSEECOM) application interface, specifically within the uefisecapp firmware component. The vulnerability arises from improper handling of memory buffers used for request and response data in the QSEECOM APP_SEND command. Although the command protocol defines separate fields for request and response buffers, the uefisecapp implementation incorrectly expects both buffers to reside within a single contiguous memory region. When this expectation is not met, it can lead to multiple failure modes including the absence of response data (triggering an I/O error), the Secure Channel Manager (SCM) call failing with an invalid argument error (EINVAL) directly from the TrustZone firmware, or even causing the device to undergo a hard reset. The issue is sporadic due to the typical allocation pattern where two consecutive kzalloc() calls often return adjacent memory regions, masking the problem under normal conditions. The fix involves allocating a single contiguous memory region for both request and response buffers with proper alignment, and restructuring the qcom_scm_qseecom_app_send() interface to shift DMA allocation responsibility to the caller, thereby preventing separate DMA mappings that could cause the issue. This vulnerability affects Linux kernel versions identified by the commit hash 759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9 and was publicly disclosed on May 20, 2024. No known exploits are currently reported in the wild.
Potential Impact
For European organizations, the impact of CVE-2024-35994 primarily concerns devices and systems running Linux kernels with Qualcomm TrustZone firmware components, particularly those using the QSEECOM interface for secure communication. The vulnerability can cause sporadic device crashes or hard resets, leading to potential denial of service conditions. In critical infrastructure or embedded systems relying on Qualcomm-based secure environments, such instability could disrupt operations, degrade service availability, or cause system downtime. While the vulnerability does not directly indicate data leakage or privilege escalation, the loss of availability and potential for unexpected resets could impact operational continuity, especially in sectors like telecommunications, automotive, industrial control systems, and IoT deployments prevalent in Europe. The sporadic nature of the fault may complicate troubleshooting and incident response, increasing operational risk. Since the issue stems from firmware interaction, remediation may require coordinated kernel and firmware updates, which can be challenging in environments with strict change control or legacy hardware. However, no evidence currently suggests active exploitation or direct compromise of confidentiality or integrity.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2024-35994 as soon as it becomes available. Given the vulnerability involves low-level firmware communication, organizations should:

1) Identify all systems using Qualcomm TrustZone firmware and the affected Linux kernel versions, focusing on embedded devices, mobile infrastructure, and IoT devices.
2) Coordinate with hardware and firmware vendors to obtain and deploy firmware updates that complement the kernel patch, ensuring the QSEECOM interface is correctly handled.
3) Implement monitoring for unusual device resets, I/O errors, or SCM call failures that could indicate attempts to trigger this vulnerability or related instability.
4) For critical systems where immediate patching is not feasible, consider isolating affected devices from critical networks or applying compensating controls such as redundant systems to maintain availability.
5) Engage in thorough testing of updated kernels and firmware in staging environments to verify stability and compatibility, given the low-level nature of the fix and potential impact on DMA operations.
6) Maintain close collaboration with Linux kernel security mailing lists and Qualcomm security advisories for any emerging exploit information or additional patches.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.147Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe23e4
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 9:10:34 AM
Last updated: 7/26/2025, 5:10:52 PM
Views: 9