CVE-2024-53067: scsi: ufs: core: Start the RTC update work later
First published: Tue Nov 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Start the RTC update work later The RTC update work involves runtime resuming the UFS controller. Hence, only start the RTC update work after runtime power management in the UFS driver has been fully initialized. This patch fixes the following kernel crash: Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP Workqueue: events ufshcd_rtc_work Call trace: _raw_spin_lock_irqsave+0x34/0x8c (P) pm_runtime_get_if_active+0x24/0x9c (L) pm_runtime_get_if_active+0x24/0x9c ufshcd_rtc_work+0x138/0x1b4 process_one_work+0x148/0x288 worker_thread+0x2cc/0x3d4 kthread+0x110/0x114 ret_from_fork+0x10/0x20
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.8<6.11.8 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| Linux Kernel | =6.12-rc5 | |
| Linux Kernel | =6.12-rc6 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/4c25f784fba81227e0437337f962d34380d1c250
- https://git.kernel.org/stable/c/54c814c8b23bc7617be3d46abdb896937695dbfa
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53067
- https://nvd.nist.gov/vuln/detail/CVE-2024-53067
- https://launchpad.net/bugs/cve/CVE-2024-53067
- https://security-tracker.debian.org/tracker/CVE-2024-53067
- https://ubuntu.com/security/CVE-2024-53067
- https://git.kernel.org/linus/54c814c8b23bc7617be3d46abdb896937695dbfa
Frequently Asked Questions
What is the severity of CVE-2024-53067?
The severity of CVE-2024-53067 is currently classified as moderate.
How do I fix CVE-2024-53067?
To fix CVE-2024-53067, update your Linux kernel to a version that includes the patch.
Which versions of the Linux kernel are affected by CVE-2024-53067?
CVE-2024-53067 affects Linux kernels version 6.8 to 6.11.8, as well as various 6.12 release candidates.
What components are involved in CVE-2024-53067?
CVE-2024-53067 involves the SCSI UFS controller and runtime power management in the UFS driver.
Is CVE-2024-53067 a local or remote vulnerability?
CVE-2024-53067 is considered a local vulnerability that requires access to the affected system to exploit.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.8
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- version/linux kernel/6.12-rc5
- version/linux kernel/6.12-rc6
- package-manager/debian