Use-After-Free Vulnerability in Linux Kernel's SCSI UFS Driver
CVE-2024-54458

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A vulnerability exists in the Linux kernel's SCSI UFS driver where the bsg_queue is not set to NULL after its removal. While currently harmless, failing to nullify bsg_queue could lead to potential use-after-free access, causing instability or unintended behavior in the kernel. This change is crucial to enhance the security and reliability of the Linux kernel.

Affected Version(s)

Linux df032bf27a414acf61c957ec2fad22a57d903b39 < 5e7b6e44468c3242c21c2a8656d009fb3eb50a73

Linux df032bf27a414acf61c957ec2fad22a57d903b39 < 5f782d4741bf558def60df192b858b0efc6a5f0a

Linux df032bf27a414acf61c957ec2fad22a57d903b39 < 88a01e9c9ad40c075756ba93b47984461d4ff15d

References

https://git.kernel.org/stable/c/5e7b6e44468c3242c21c2a865...

https://git.kernel.org/stable/c/5f782d4741bf558def60df192...

https://git.kernel.org/stable/c/88a01e9c9ad40c075756ba93b...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Feb 27, 2025