CVE-2024-56620 - Vulnerability Details

- scsi: ufs: qcom: Only free platform MSIs when ESI is enabled

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: qcom: Only free platform MSIs when ESI is enabled

Otherwise, it will result in a NULL pointer dereference as below:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
Call trace:
mutex_lock+0xc/0x54
platform_device_msi_free_irqs_all+0x14/0x20
ufs_qcom_remove+0x34/0x48 [ufs_qcom]
platform_remove+0x28/0x44
device_remove+0x4c/0x80
device_release_driver_internal+0xd8/0x178
driver_detach+0x50/0x9c
bus_remove_driver+0x6c/0xbc
driver_unregister+0x30/0x60
platform_driver_unregister+0x14/0x20
ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom]
__arm64_sys_delete_module+0x180/0x260
invoke_syscall+0x44/0x100
el0_svc_common.constprop.0+0xc0/0xe0
do_el0_svc+0x1c/0x28
el0_svc+0x34/0xdc
el0t_64_sync_handler+0xc0/0xc4
el0t_64_sync+0x190/0x194

Published: 2024-12-27

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`519b6274a7775f5fe00a086f189efb8f063467d1`	affected	< f16a097047e38dcdd169a15e3eed1b2f2147a2e7
`519b6274a7775f5fe00a086f189efb8f063467d1`	affected	< f99cb5f6344ef93777fd3add7979ebf291a852df
`519b6274a7775f5fe00a086f189efb8f063467d1`	affected	< 64506b3d23a337e98a74b18dcb10c8619365f2bd

Linux

affected

Version	Status	Constraints
`6.3`	affected	—
`0`	unaffected	< 6.3
`6.6.86`	unaffected	≤ 6.6.*
`6.12.5`	unaffected	≤ 6.12.*
`6.13`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-53268	In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194
Ubuntu USN	USN-7379-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7379-2	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7380-1	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-7381-1	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-7382-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-7449-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7449-2	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7450-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7451-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7452-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7453-1	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7468-1	Linux kernel (Azure, N-Series) vulnerabilities
Ubuntu USN	USN-7523-1	Linux kernel (Raspberry Pi Real-time) vulnerabilities
Ubuntu USN	USN-7524-1	Linux kernel (Raspberry Pi) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/64506b3d23a337e98a74b18dcb10c8619365f2bd
https://git.kernel.org/stable/c/f16a097047e38dcdd169a15e3eed1b2f2147a2e7
https://git.kernel.org/stable/c/f99cb5f6344ef93777fd3add7979ebf291a852df
https://lore.kernel.org/linux-cve-announce/2024122709-CVE-2024-56620-d1a8@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-56620
https://www.cve.org/CVERecord?id=CVE-2024-56620

History

Mon, 07 Apr 2025 08:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/f16a097047e38dcdd169a15e3eed1b2f2147a2e7

Thu, 13 Feb 2025 00:30:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Low`	threat_severity `Moderate`

Wed, 08 Jan 2025 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
Vendors & Products		Linux Linux linux Kernel

Mon, 30 Dec 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024122709-CVE-2024-56620-d1a8@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-56620 https://www.cve.org/CVERecord?id=CVE-2024-56620
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Fri, 27 Dec 2024 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194
Title		scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
References		https://git.kernel.org/stable/c/64506b3d23a337e98a74b18dcb10c8619365f2bd https://git.kernel.org/stable/c/f99cb5f6344ef93777fd3add7979ebf291a852df

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-27T14:51:24.239Z

Updated: 2026-05-11T20:55:59.230Z

Reserved: 2024-12-27T14:03:06.016Z

Link: CVE-2024-56620

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-12-27T15:15:21.540

Modified: 2025-04-07T09:15:16.353

Link: CVE-2024-56620

Redhat

Severity : Moderate

Publid Date: 2024-12-27T00:00:00Z

Links: CVE-2024-56620 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object