CVE-2024-56621
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56621
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56621.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-56621
- Downstream
- Related
- Published
- 2024-12-27T14:51:24Z
- Modified
- 2025-10-15T19:55:57.943886Z
- Summary
- scsi: ufs: core: Cancel RTC work during ufshcd_remove()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Cancel RTC work during ufshcd_remove()
Currently, RTC work is only cancelled during _ufshcdwlsuspend(). When ufshcd is removed in ufshcdremove(), RTC work is not cancelled. Due to this, any further trigger of the RTC work after ufshcd_remove() would result in a NULL pointer dereference as below:
Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4 Workqueue: events ufshcdrtcwork Call trace: rawspinlockirqsave+0x34/0x8c pmruntimegetifactive+0x24/0xb4 ufshcdrtcwork+0x124/0x19c processscheduledworks+0x18c/0x2d8 workerthread+0x144/0x280 kthread+0x11c/0x128 retfrom_fork+0x10/0x20
Since RTC work accesses the ufshcd internal structures, it should be cancelled when ufshcd is removed. So do that in ufshcdremove(), as per the order in ufshcdinit().
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced06701a545e9a3c4e007cff6872a074bf97c40619Fixed57479e37d3f69efee2f0678568274db773284bc8
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6bf999e0eb41850d5c857102535d5c53b2ede224Fixed2e7a3bb0331efb292e0fb022c36bc592137f0520
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6bf999e0eb41850d5c857102535d5c53b2ede224Fixed1695c4361d35b7bdadd7b34f99c9c07741e181e5