CVE-2024-56621

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Cancel RTC work during ufshcd_remove() Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to this, any further trigger of the RTC work after ufshcd_remove() would result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4 Workqueue: events ufshcd_rtc_work Call trace: _raw_spin_lock_irqsave+0x34/0x8c pm_runtime_get_if_active+0x24/0xb4 ufshcd_rtc_work+0x124/0x19c process_scheduled_works+0x18c/0x2d8 worker_thread+0x144/0x280 kthread+0x11c/0x128 ret_from_fork+0x10/0x20 Since RTC work accesses the ufshcd internal structures, it should be cancelled when ufshcd is removed. So do that in ufshcd_remove(), as per the order in ufshcd_init().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1695c4361d35b7bdadd7b34f99c9c07741e181e5	Patch
https://git.kernel.org/stable/c/2e7a3bb0331efb292e0fb022c36bc592137f0520	Patch
https://git.kernel.org/stable/c/57479e37d3f69efee2f0678568274db773284bc8

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::

History

07 Mar 2025, 18:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/57479e37d3f69efee2f0678568274db773284bc8 -

08 Jan 2025, 16:44

Type	Values Removed	Values Added
CWE		CWE-476
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: ufs: core: Cancelar el trabajo de RTC durante ufshcd_remove() Actualmente, el trabajo de RTC solo se cancela durante __ufshcd_wl_suspend(). Cuando se elimina ufshcd en ufshcd_remove(), el trabajo de RTC no se cancela. Debido a esto, cualquier activación adicional del trabajo de RTC después de ufshcd_remove() daría como resultado una desreferencia de puntero NULL como se muestra a continuación: No se puede gestionar la desreferencia de puntero NULL del núcleo en la dirección virtual 00000000000002a4 Cola de trabajo: eventos ufshcd_rtc_work Rastreo de llamadas: _raw_spin_lock_irqsave+0x34/0x8c pm_runtime_get_if_active+0x24/0xb4 ufshcd_rtc_work+0x124/0x19c process_scheduled_works+0x18c/0x2d8 worker_thread+0x144/0x280 kthread+0x11c/0x128 ret_from_fork+0x10/0x20 Dado que el trabajo de RTC accede a las estructuras internas de ufshcd, se debe cancelar cuando se elimina ufshcd. Haga esto en ufshcd_remove(), según el orden en ufshcd_init().
References	~~() https://git.kernel.org/stable/c/1695c4361d35b7bdadd7b34f99c9c07741e181e5 -~~	() https://git.kernel.org/stable/c/1695c4361d35b7bdadd7b34f99c9c07741e181e5 - Patch
References	~~() https://git.kernel.org/stable/c/2e7a3bb0331efb292e0fb022c36bc592137f0520 -~~	() https://git.kernel.org/stable/c/2e7a3bb0331efb292e0fb022c36bc592137f0520 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

27 Dec 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-27 15:15

Updated : 2025-03-07 18:15

NVD link : CVE-2024-56621

Mitre link : CVE-2024-56621

CVE.ORG link : CVE-2024-56621

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10