PT-2024-29233 · Linux+3 · Linux Kernel+3
Published 2024-06-28 · Updated 2025-09-29 · CVE-2024-41054
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue arises when ufshcd_clear_cmd is racing with the completion ISR, causing the completed tag of the request's mq_hctx pointer to be set to NULL by the ISR. This results in ufshcd_clear_cmd's call to ufshcd_mcq_req_to_hwq getting a NULL pointer, leading to a kernel NULL pointer dereference. The racing flow involves two threads: Thread A, which calls ufshcd_err_handler, ufshcd_try_to_abort_task, and ufshcd_clear_cmd, and Thread B, which calls ufs_mtk_mcq_intr (cq complete ISR), scsi_done, and blk_mq_free_request. The error occurs when rq->mq_hctx is set to NULL in Thread B, and then ufshcd_clear_cmd attempts to access rq->mq_hctx->queue_num in Thread A.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
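The interleaving from the description, replayed deterministically in a user-space C model with a guarded pointer read. This is an added example, not kernel code and not an upstream change; the model_* names, the structs and the NULL guard are assumptions made for illustration.

```c
/* User-space model of the described race; every name here is hypothetical. */
#include <stddef.h>
#include <stdio.h>

struct hw_ctx   { unsigned int queue_num; };  /* stands in for the hardware queue context */
struct request  { struct hw_ctx *mq_hctx; int inflight; };
struct hw_queue { int id; };

static struct hw_queue queues[4] = { {0}, {1}, {2}, {3} };

/* Thread B: the completion path releases the request and clears the pointer. */
static void model_complete_isr(struct request *rq)
{
    rq->inflight = 0;
    rq->mq_hctx = NULL;
}

/* Read the pointer once and test that snapshot, never rq->mq_hctx twice. */
static struct hw_queue *model_req_to_hwq(struct request *rq)
{
    struct hw_ctx *hctx = *(struct hw_ctx * volatile *)&rq->mq_hctx;
    return hctx ? &queues[hctx->queue_num] : NULL;
}

/* Thread A: returns 0 when nothing is left to clean, -1 if not in flight. */
static int model_clear_cmd(struct request *rq, int isr_in_window, int *cleaned)
{
    *cleaned = -1;
    if (!rq->inflight)               /* in-flight check passes first ... */
        return -1;
    if (isr_in_window)               /* ... then the ISR wins the race (constructed) */
        model_complete_isr(rq);
    struct hw_queue *hwq = model_req_to_hwq(rq);
    if (!hwq)                        /* an unguarded ->queue_num read would fault here */
        return 0;                    /* already completed: no queue to clean */
    *cleaned = hwq->id;
    return 0;
}

int main(void)
{
    struct hw_ctx h = { 2 };
    struct request a = { &h, 1 }, b = { &h, 1 };
    int q, rc;
    rc = model_clear_cmd(&a, 0, &q);
    printf("no race: rc=%d queue=%d\n", rc, q);
    rc = model_clear_cmd(&b, 1, &q);
    printf("ISR wins: rc=%d queue=%d\n", rc, q);
    return 0;
}
```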
Exploit
NULL Pointer Dereference
Race Condition
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Ubuntu