CVE-2024-54458
Published: 27 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access.
Security Summary
CVE-2024-54458 is a use-after-free (UAF) vulnerability in the Linux kernel's SCSI UFS BSG (block layer SCSI generic) component. The issue arises because the bsg_queue pointer is not set to NULL after its removal, which could lead to potential UAF access despite not causing issues in current usage. Affected systems include Linux kernel versions prior to the application of the relevant stable patches, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and mapped to CWE-416 (Use After Free).
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data corruption, or denial of service through the UAF condition in the UFS BSG handling.
Mitigation involves applying the upstream patches from the Linux kernel stable repository, as detailed in the referenced commits: 1e95c798d8a7f70965f0f88d4657b682ff0ec75f, 22018622e1e9e371198dbd983af946a844d5924c, 5e7b6e44468c3242c21c2a8656d009fb3eb50a73, 5f782d4741bf558def60df192b858b0efc6a5f0a, and 88a01e9c9ad40c075756ba93b47984461d4ff15d. These patches explicitly set the bsg_queue to NULL after removal to prevent the potential UAF. Security practitioners should update affected kernels promptly, particularly on systems utilizing UFS storage.
Details
- CWE(s)