CVE-2024-58075 is a vulnerability identified in the Linux kernel's cryptographic subsystem, specifically within the Tegra platform's crypto driver. The issue arises in the initialization functions tegra_cmac_init and tegra_sha_init, which are responsible for setting up cryptographic operations using CMAC and SHA algorithms on NVIDIA Tegra hardware. When these initialization functions fail due to memory exhaustion, the Linux kernel erroneously proceeds to transfer cryptographic requests despite the failed initialization. This improper handling can lead to undefined behavior, potentially causing kernel instability or crashes. The root cause is the lack of proper error checking before transferring requests, which violates expected control flow and resource management in the kernel's crypto framework. Although no known exploits are currently reported in the wild, the vulnerability represents a risk because it affects the kernel's cryptographic operations on Tegra devices, which are commonly used in embedded systems, automotive platforms, and IoT devices running Linux. The affected versions are identified by specific commit hashes, indicating the vulnerability is present in certain kernel builds prior to the patch. The absence of a CVSS score suggests this is a newly disclosed issue, and the Linux maintainers have published the fix to prevent improper request handling when initialization fails.

For European organizations, the impact of CVE-2024-58075 depends largely on the deployment of Linux systems running on NVIDIA Tegra hardware. Such hardware is prevalent in embedded systems, automotive infotainment, industrial control systems, and IoT devices. If exploited, the vulnerability could lead to kernel crashes or denial of service conditions, affecting system availability and potentially causing operational disruptions. In critical infrastructure sectors such as automotive manufacturing, transportation, and industrial automation—where Tegra-based Linux systems may be integrated—this could translate into safety risks or downtime. Confidentiality and integrity impacts are less direct but cannot be entirely ruled out if kernel instability is leveraged as part of a broader attack chain. Given the kernel-level nature of the flaw, successful exploitation could allow attackers to disrupt services or cause system reboots, impacting business continuity. However, the lack of known exploits and the requirement for specific hardware limits the immediate threat scope. European organizations using Tegra-based Linux systems should assess their exposure, especially in sectors relying on embedded Linux devices.

To mitigate CVE-2024-58075, organizations should promptly apply the official Linux kernel patches that address the improper request transfer in the Tegra crypto driver. This involves updating to kernel versions that include the fix or backporting the patch if using long-term support kernels. System administrators should audit their environments to identify Linux systems running on NVIDIA Tegra hardware and verify the kernel versions in use. For embedded and IoT devices where kernel updates may be challenging, vendors should be engaged to provide firmware updates incorporating the fix. Additionally, monitoring system logs for unusual kernel errors or crashes related to cryptographic operations can help detect attempts to trigger this vulnerability. Employing memory resource monitoring and limiting resource exhaustion scenarios can reduce the likelihood of initialization failures. Finally, implementing defense-in-depth strategies such as kernel lockdown features and restricting access to privileged operations can further reduce exploitation risk.