CVE-2024-56588

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been resolved in the Linux kernel related to the scsi: hisi sas driver. The issue occurs when the dump is triggered while the driver is unbind, causing a hang due to a NULL pointer dereference. To fix this issue, all directories and files should be created during debugfs initialization, allowing the driver to only allocate memory space to save information each time the user triggers dumping.

Recommendations To resolve the issue, create all directories and files during debugfs initialization. This way, the driver only needs to allocate memory space to save information each time the user triggers dumping. As a temporary workaround, consider disabling the debugfs create dir function until a patch is available. Restrict access to the hisi sas v3 hw module to minimize the risk of exploitation. Avoid using the debugfs trigger dump v3 hw write function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.