In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*

No data.

References
Link Providers
https://git.kernel.org/stable/c/64506b3d23a337e98a74b18dcb10c8619365f2bd cve-icon cve-icon
https://git.kernel.org/stable/c/f99cb5f6344ef93777fd3add7979ebf291a852df cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024122709-CVE-2024-56620-d1a8@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-56620 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-56620 cve-icon
History

Thu, 13 Feb 2025 00:30:00 +0000

Type Values Removed Values Added
Metrics threat_severity

Low

 threat_severity

Moderate

Wed, 08 Jan 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-476
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Mon, 30 Dec 2024 01:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Fri, 27 Dec 2024 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194
Title scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-27T14:51:24.239Z

Updated: 2025-01-20T06:24:18.297Z

Reserved: 2024-12-27T14:03:06.016Z

Link: CVE-2024-56620

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2024-12-27T15:15:21.540

Modified: 2025-01-08T16:09:56.403

Link: CVE-2024-56620

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-12-27T00:00:00Z

Links: CVE-2024-56620 - Bugzilla