CVE-2024-57985: Vulnerability in Linux Linux

Medium
Published: Thu Feb 27 2025 (02/27/2025, 02:07:09 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

firmware: qcom: scm: Cleanup global '__scm' on probe failures

If SCM driver fails the probe, it should not leave global '__scm' variable assigned, because external users of this driver will assume the probe finished successfully. For example TZMEM parts ('__scm->mempool') are initialized later in the probe, but users of it (__scm_smc_call()) rely on the '__scm' variable.

This fixes theoretical NULL pointer exception, triggered via introducing probe deferral in SCM driver with call trace:

    qcom_tzmem_alloc+0x70/0x1ac (P)
    qcom_tzmem_alloc+0x64/0x1ac (L)
    qcom_scm_assign_mem+0x78/0x194
    qcom_rmtfs_mem_probe+0x2d4/0x38c
    platform_probe+0x68/0xc8

AI-Powered Analysis

Last updated: 06/28/2025, 09:40:03 UTC

Technical Analysis

CVE-2024-57985 is a vulnerability in the Linux kernel's Qualcomm (qcom) SCM (Secure Channel Manager) driver. The issue arises when the SCM driver's probe fails but does not clean up the global '__scm' variable. This variable is critical because external users of the driver rely on it to determine whether the probe completed successfully. If the probe fails and '__scm' remains assigned, subsequent calls such as '__scm_smc_call()' may operate on uninitialized or invalid memory structures, particularly the TZMEM parts like '__scm->mempool', which are initialized later in the probe. This can lead to a NULL pointer dereference, causing kernel crashes or denial of service. The vulnerability is triggered by introducing probe deferral in the SCM driver, with a call trace through qcom_tzmem_alloc, qcom_scm_assign_mem, and qcom_rmtfs_mem_probe. Although this is described as a theoretical NULL pointer exception, it represents a stability and reliability risk in affected Linux kernel versions. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The affected-version data identifies kernel commit 40289e35ca525f29a03989352ab207b6a9675475, indicating a narrow range of affected versions. The root cause is improper cleanup on probe failure, a common class of kernel driver bug that can lead to unpredictable behavior and potential system crashes.
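The failure mode described above, as an added example that is not part of the original advisory or the kernel source: a user-space C model in which `g_scm`, `probe()` and `consumer_alloc()` are hypothetical stand-ins for '__scm', the SCM probe and the qcom_tzmem_alloc() path. Where the real consumer would dereference the NULL mempool, the model returns -2 instead.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model only; g_scm stands in for the kernel's '__scm' global. */
struct mempool { int id; };
struct scm { struct mempool *mempool; };

static struct mempool pool;
static struct scm scm_dev;
static struct scm *g_scm;   /* non-NULL is read by consumers as "probe succeeded" */

/* cleanup_on_fail = 0 models the probe before the fix, 1 the probe after it. */
static int probe(int fail_late, int cleanup_on_fail)
{
    scm_dev.mempool = NULL;
    g_scm = &scm_dev;               /* published before mempool exists */
    if (fail_late) {                /* e.g. a later step defers the probe */
        if (cleanup_on_fail)
            g_scm = NULL;           /* the fix: consumers see "not available" */
        return -1;                  /* without cleanup, g_scm stays assigned */
    }
    scm_dev.mempool = &pool;        /* TZMEM pool is only set up here */
    return 0;
}

/* Consumer modelled on the qcom_tzmem_alloc() path: 0 = ok, -1 = driver not
 * ready, -2 = would dereference a NULL mempool (the oops in the call trace). */
static int consumer_alloc(void)
{
    if (!g_scm)
        return -1;
    return g_scm->mempool ? 0 : -2;
}

/* Runs a failing probe, then a consumer call, and returns the consumer result. */
static int consumer_after_failed_probe(int cleanup_on_fail)
{
    g_scm = NULL;
    (void)probe(1, cleanup_on_fail);
    return consumer_alloc();
}

int main(void)
{
    printf("before fix: %d\n", consumer_after_failed_probe(0));
    printf("after fix:  %d\n", consumer_after_failed_probe(1));
    return 0;
}
```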

Potential Impact

For European organizations, the primary impact of CVE-2024-57985 is on system stability and availability. Systems running affected Linux kernel versions with Qualcomm SCM drivers could experience kernel panics or crashes if the driver probe fails and the global '__scm' variable is left in an inconsistent state. This could disrupt critical services, especially in environments relying on embedded Linux systems, telecommunications infrastructure, or IoT devices using Qualcomm chipsets. While the vulnerability does not directly expose confidentiality or integrity risks, denial of service conditions can affect operational continuity. Organizations with Linux-based infrastructure in sectors such as telecommunications, manufacturing, and critical infrastructure may face increased risk if they deploy affected kernel versions. The lack of known exploits reduces immediate threat but does not eliminate the risk of future exploitation or accidental system failures. Given the technical nature of the vulnerability, exploitation would likely require local access or specific conditions during driver initialization, limiting remote attack vectors but emphasizing the need for robust patch management and system monitoring.

Mitigation Recommendations

To mitigate CVE-2024-57985, European organizations should:

1) Identify and inventory Linux systems running affected kernel versions with Qualcomm SCM drivers, focusing on embedded and telecom devices.
2) Apply the official Linux kernel patches that address the cleanup of the '__scm' variable on probe failures as soon as they become available.
3) Implement rigorous kernel update policies to ensure timely deployment of security fixes, especially in production environments.
4) Monitor system logs for kernel probe failures or unusual behavior related to the SCM driver, enabling early detection of potential issues.
5) Where possible, conduct controlled testing of kernel updates in staging environments to verify stability before production rollout.
6) For devices where kernel updates are not feasible, consider vendor-specific firmware or driver updates that address this issue.
7) Limit local access to sensitive systems to reduce the risk of exploitation through local user actions.
8) Engage with hardware and software vendors to confirm support and patch availability for affected devices.

These steps go beyond generic advice by emphasizing targeted identification of affected systems, proactive patch management, and operational monitoring specific to the Qualcomm SCM driver context.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-27T02:04:28.913Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9823c4522896dcbdebcf

Added to database: 5/21/2025, 9:08:51 AM

Last enriched: 6/28/2025, 9:40:03 AM

Last updated: 8/12/2025, 12:12:55 AM
