CVE-2024-56621
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Dec 27, 2024
Updated: Mar 7, 2025
CWE ID 476
Summary
CVE-2024-56621 is a Linux kernel vulnerability affecting the scsi: ufs driver. In the function ufshcd_remove(), RTC work is not cancelled, leading to a NULL pointer dereference when the RTC work is triggered after ufshcd is removed. Since RTC work accesses ufshcd internal structures, it should be cancelled during ufshcd_remove() to prevent this issue. The vulnerability can result in a kernel panic and potential system instability. The issue has been resolved by properly cancelling RTC work in ufshcd_remove() as per the order in ufshcd_init().
Affected Products
- Linux Kernel
Affected Vendors
- LINUX