ghsa-m39v-c9r9-vmwh
Vulnerability from github
Published
2024-12-27 15:31
Modified
2025-04-07 09:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: qcom: Only free platform MSIs when ESI is enabled

Otherwise, it will result in a NULL pointer dereference as below:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-56620"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: qcom: Only free platform MSIs when ESI is enabled\n\nOtherwise, it will result in a NULL pointer dereference as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nCall trace:\n mutex_lock+0xc/0x54\n platform_device_msi_free_irqs_all+0x14/0x20\n ufs_qcom_remove+0x34/0x48 [ufs_qcom]\n platform_remove+0x28/0x44\n device_remove+0x4c/0x80\n device_release_driver_internal+0xd8/0x178\n driver_detach+0x50/0x9c\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n platform_driver_unregister+0x14/0x20\n ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom]\n __arm64_sys_delete_module+0x180/0x260\n invoke_syscall+0x44/0x100\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xdc\n el0t_64_sync_handler+0xc0/0xc4\n el0t_64_sync+0x190/0x194",
  "id": "GHSA-m39v-c9r9-vmwh",
  "modified": "2025-04-07T09:30:23Z",
  "published": "2024-12-27T15:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56620"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64506b3d23a337e98a74b18dcb10c8619365f2bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f16a097047e38dcdd169a15e3eed1b2f2147a2e7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f99cb5f6344ef93777fd3add7979ebf291a852df"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.