CVE-2024-56621 - Vulnerability Details

- scsi: ufs: core: Cancel RTC work during ufshcd_remove()

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Cancel RTC work during ufshcd_remove()

Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When
ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to
this, any further trigger of the RTC work after ufshcd_remove() would
result in a NULL pointer dereference as below:

Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4
Workqueue: events ufshcd_rtc_work
Call trace:
_raw_spin_lock_irqsave+0x34/0x8c
pm_runtime_get_if_active+0x24/0xb4
ufshcd_rtc_work+0x124/0x19c
process_scheduled_works+0x18c/0x2d8
worker_thread+0x144/0x280
kthread+0x11c/0x128
ret_from_fork+0x10/0x20

Since RTC work accesses the ufshcd internal structures, it should be cancelled
when ufshcd is removed. So do that in ufshcd_remove(), as per the order in
ufshcd_init().

Published: 2024-12-27

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`06701a545e9a3c4e007cff6872a074bf97c40619`	affected	< 57479e37d3f69efee2f0678568274db773284bc8
`6bf999e0eb41850d5c857102535d5c53b2ede224`	affected	< 2e7a3bb0331efb292e0fb022c36bc592137f0520
`6bf999e0eb41850d5c857102535d5c53b2ede224`	affected	< 1695c4361d35b7bdadd7b34f99c9c07741e181e5

Linux

affected

Version	Status	Constraints
`6.8`	affected	—
`0`	unaffected	< 6.8
`6.12.5`	unaffected	≤ 6.12.*
`6.13`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-53269	In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Cancel RTC work during ufshcd_remove() Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to this, any further trigger of the RTC work after ufshcd_remove() would result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4 Workqueue: events ufshcd_rtc_work Call trace: _raw_spin_lock_irqsave+0x34/0x8c pm_runtime_get_if_active+0x24/0xb4 ufshcd_rtc_work+0x124/0x19c process_scheduled_works+0x18c/0x2d8 worker_thread+0x144/0x280 kthread+0x11c/0x128 ret_from_fork+0x10/0x20 Since RTC work accesses the ufshcd internal structures, it should be cancelled when ufshcd is removed. So do that in ufshcd_remove(), as per the order in ufshcd_init().
Ubuntu USN	USN-7379-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7379-2	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7380-1	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-7381-1	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-7382-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-7449-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7449-2	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7450-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7451-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7452-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7453-1	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7468-1	Linux kernel (Azure, N-Series) vulnerabilities
Ubuntu USN	USN-7523-1	Linux kernel (Raspberry Pi Real-time) vulnerabilities
Ubuntu USN	USN-7524-1	Linux kernel (Raspberry Pi) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1695c4361d35b7bdadd7b34f99c9c07741e181e5
https://git.kernel.org/stable/c/2e7a3bb0331efb292e0fb022c36bc592137f0520
https://git.kernel.org/stable/c/57479e37d3f69efee2f0678568274db773284bc8
https://lore.kernel.org/linux-cve-announce/2024122710-CVE-2024-56621-98bf@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-56621
https://www.cve.org/CVERecord?id=CVE-2024-56621

History

Fri, 07 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/57479e37d3f69efee2f0678568274db773284bc8

Thu, 13 Feb 2025 00:30:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Low`	threat_severity `Moderate`

Wed, 08 Jan 2025 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
Vendors & Products		Linux Linux linux Kernel

Mon, 30 Dec 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024122710-CVE-2024-56621-98bf@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-56621 https://www.cve.org/CVERecord?id=CVE-2024-56621
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Fri, 27 Dec 2024 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Cancel RTC work during ufshcd_remove() Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to this, any further trigger of the RTC work after ufshcd_remove() would result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4 Workqueue: events ufshcd_rtc_work Call trace: _raw_spin_lock_irqsave+0x34/0x8c pm_runtime_get_if_active+0x24/0xb4 ufshcd_rtc_work+0x124/0x19c process_scheduled_works+0x18c/0x2d8 worker_thread+0x144/0x280 kthread+0x11c/0x128 ret_from_fork+0x10/0x20 Since RTC work accesses the ufshcd internal structures, it should be cancelled when ufshcd is removed. So do that in ufshcd_remove(), as per the order in ufshcd_init().
Title		scsi: ufs: core: Cancel RTC work during ufshcd_remove()
References		https://git.kernel.org/stable/c/1695c4361d35b7bdadd7b34f99c9c07741e181e5 https://git.kernel.org/stable/c/2e7a3bb0331efb292e0fb022c36bc592137f0520

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-27T14:51:24.948Z

Updated: 2026-05-11T20:56:00.452Z

Reserved: 2024-12-27T14:03:06.016Z

Link: CVE-2024-56621

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-12-27T15:15:21.637

Modified: 2025-03-07T18:15:45.237

Link: CVE-2024-56621

Redhat

Severity : Moderate

Publid Date: 2024-12-27T00:00:00Z

Links: CVE-2024-56621 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object