CVE-2024-53053

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published: Nov 19, 2024
Updated: Nov 22, 2024
CWE ID: 667

Summary

CVE-2024-53053 is a newly disclosed vulnerability affecting the Linux kernel. The issue lies in the UFS driver within the SCSI subsystem. A deadlock occurs when the ufshcd_rtc_work function runs and calls ufshcd_rpm_put_sync() with a PM usage_count of zero. That call triggers the runtime suspend callback, which then waits for ufshcd_rtc_work to be flushed; because the callback was invoked synchronously from within ufshcd_rtc_work itself, the work item ends up waiting on its own completion. The kernel fix replaces ufshcd_rpm_put_sync() with ufshcd_rpm_put().
