CVE-2024-56620

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

n the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194

References

Link	Resource
https://git.kernel.org/stable/c/64506b3d23a337e98a74b18dcb10c8619365f2bd	Patch
https://git.kernel.org/stable/c/f16a097047e38dcdd169a15e3eed1b2f2147a2e7
https://git.kernel.org/stable/c/f99cb5f6344ef93777fd3add7979ebf291a852df	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::

History

07 Apr 2025, 09:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/f16a097047e38dcdd169a15e3eed1b2f2147a2e7 -

08 Jan 2025, 16:09

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-476
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: ufs: qcom: Solo libera MSI de plataforma cuando ESI está habilitado De lo contrario, resultará en una desreferencia de puntero NULL como se muestra a continuación: No se puede gestionar la desreferencia de puntero NULL del kernel en la dirección virtual 0000000000000008 Rastreo de llamadas: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invocar_llamada_al_sistema+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194
References	~~() https://git.kernel.org/stable/c/64506b3d23a337e98a74b18dcb10c8619365f2bd -~~	() https://git.kernel.org/stable/c/64506b3d23a337e98a74b18dcb10c8619365f2bd - Patch
References	~~() https://git.kernel.org/stable/c/f99cb5f6344ef93777fd3add7979ebf291a852df -~~	() https://git.kernel.org/stable/c/f99cb5f6344ef93777fd3add7979ebf291a852df - Patch
First Time		Linux linux Kernel Linux

27 Dec 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-27 15:15

Updated : 2025-04-07 09:15

NVD link : CVE-2024-56620

Mitre link : CVE-2024-56620

CVE.ORG link : CVE-2024-56620

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10