fkie_cve-2024-56621
Vulnerability from fkie_nvd
Published
2024-12-27 15:15
Modified
2025-03-07 18:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Cancel RTC work during ufshcd_remove()
Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When
ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to
this, any further trigger of the RTC work after ufshcd_remove() would
result in a NULL pointer dereference as below:
Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4
Workqueue: events ufshcd_rtc_work
Call trace:
_raw_spin_lock_irqsave+0x34/0x8c
pm_runtime_get_if_active+0x24/0xb4
ufshcd_rtc_work+0x124/0x19c
process_scheduled_works+0x18c/0x2d8
worker_thread+0x144/0x280
kthread+0x11c/0x128
ret_from_fork+0x10/0x20
Since RTC work accesses the ufshcd internal structures, it should be cancelled
when ufshcd is removed. So do that in ufshcd_remove(), as per the order in
ufshcd_init().
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 6.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C58B98F0-EB8D-4B95-8BFE-2D99DDAF308D",
"versionEndExcluding": "6.12.5",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Cancel RTC work during ufshcd_remove()\n\nCurrently, RTC work is only cancelled during __ufshcd_wl_suspend(). When\nufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to\nthis, any further trigger of the RTC work after ufshcd_remove() would\nresult in a NULL pointer dereference as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000002a4\nWorkqueue: events ufshcd_rtc_work\nCall trace:\n _raw_spin_lock_irqsave+0x34/0x8c\n pm_runtime_get_if_active+0x24/0xb4\n ufshcd_rtc_work+0x124/0x19c\n process_scheduled_works+0x18c/0x2d8\n worker_thread+0x144/0x280\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n\nSince RTC work accesses the ufshcd internal structures, it should be cancelled\nwhen ufshcd is removed. So do that in ufshcd_remove(), as per the order in\nufshcd_init()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: ufs: core: Cancelar el trabajo de RTC durante ufshcd_remove() Actualmente, el trabajo de RTC solo se cancela durante __ufshcd_wl_suspend(). Cuando se elimina ufshcd en ufshcd_remove(), el trabajo de RTC no se cancela. Debido a esto, cualquier activaci\u00f3n adicional del trabajo de RTC despu\u00e9s de ufshcd_remove() dar\u00eda como resultado una desreferencia de puntero NULL como se muestra a continuaci\u00f3n: No se puede gestionar la desreferencia de puntero NULL del n\u00facleo en la direcci\u00f3n virtual 00000000000002a4 Cola de trabajo: eventos ufshcd_rtc_work Rastreo de llamadas: _raw_spin_lock_irqsave+0x34/0x8c pm_runtime_get_if_active+0x24/0xb4 ufshcd_rtc_work+0x124/0x19c process_scheduled_works+0x18c/0x2d8 worker_thread+0x144/0x280 kthread+0x11c/0x128 ret_from_fork+0x10/0x20 Dado que el trabajo de RTC accede a las estructuras internas de ufshcd, se debe cancelar cuando se elimina ufshcd. Haga esto en ufshcd_remove(), seg\u00fan el orden en ufshcd_init()."
}
],
"id": "CVE-2024-56621",
"lastModified": "2025-03-07T18:15:45.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-27T15:15:21.637",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/1695c4361d35b7bdadd7b34f99c9c07741e181e5"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2e7a3bb0331efb292e0fb022c36bc592137f0520"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/57479e37d3f69efee2f0678568274db773284bc8"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…