{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53067", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.975Z", "datePublished": "2024-11-19T17:22:36.030Z", "dateUpdated": "2024-11-19T17:22:36.030Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-19T17:22:36.030Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Start the RTC update work later\n\nThe RTC update work involves runtime resuming the UFS controller. Hence,\nonly start the RTC update work after runtime power management in the UFS\ndriver has been fully initialized. This patch fixes the following kernel\ncrash:\n\nInternal error: Oops: 0000000096000006 [#1] PREEMPT SMP\nWorkqueue: events ufshcd_rtc_work\nCall trace:\n _raw_spin_lock_irqsave+0x34/0x8c (P)\n pm_runtime_get_if_active+0x24/0x9c (L)\n pm_runtime_get_if_active+0x24/0x9c\n ufshcd_rtc_work+0x138/0x1b4\n process_one_work+0x148/0x288\n worker_thread+0x2cc/0x3d4\n kthread+0x110/0x114\n ret_from_fork+0x10/0x20"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/ufs/core/ufshcd.c"], "versions": [{"version": "6bf999e0eb41", "lessThan": "4c25f784fba8", "status": "affected", "versionType": "git"}, {"version": "6bf999e0eb41", "lessThan": "54c814c8b23b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/ufs/core/ufshcd.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.8", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/4c25f784fba81227e0437337f962d34380d1c250"}, {"url": "https://git.kernel.org/stable/c/54c814c8b23bc7617be3d46abdb896937695dbfa"}], "title": "scsi: ufs: core: Start the RTC update work later", "x_generator": {"engine": "bippy-8e903de6a542"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "24AB354E-701F-4D6C-8B18-A0BBA5C21C30", "versionEndExcluding": "6.11.8", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Start the RTC update work later\n\nThe RTC update work involves runtime resuming the UFS controller. Hence,\nonly start the RTC update work after runtime power management in the UFS\ndriver has been fully initialized. This patch fixes the following kernel\ncrash:\n\nInternal error: Oops: 0000000096000006 [#1] PREEMPT SMP\nWorkqueue: events ufshcd_rtc_work\nCall trace:\n _raw_spin_lock_irqsave+0x34/0x8c (P)\n pm_runtime_get_if_active+0x24/0x9c (L)\n pm_runtime_get_if_active+0x24/0x9c\n ufshcd_rtc_work+0x138/0x1b4\n process_one_work+0x148/0x288\n worker_thread+0x2cc/0x3d4\n kthread+0x110/0x114\n ret_from_fork+0x10/0x20"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: ufs: core: Iniciar el trabajo de actualizaci\u00f3n de RTC m\u00e1s tarde El trabajo de actualizaci\u00f3n de RTC implica que el tiempo de ejecuci\u00f3n reanude el controlador UFS. Por lo tanto, solo inicie el trabajo de actualizaci\u00f3n de RTC despu\u00e9s de que se haya inicializado por completo la administraci\u00f3n de energ\u00eda en tiempo de ejecuci\u00f3n en el controlador UFS. Este parche corrige el siguiente fallo del kernel: Error interno: Oops: 0000000096000006 [#1] PREEMPT SMP Workqueue: eventos ufshcd_rtc_work Seguimiento de llamadas: _raw_spin_lock_irqsave+0x34/0x8c (P) pm_runtime_get_if_active+0x24/0x9c (L) pm_runtime_get_if_active+0x24/0x9c ufshcd_rtc_work+0x138/0x1b4 process_one_work+0x148/0x288 worker_thread+0x2cc/0x3d4 kthread+0x110/0x114 ret_from_fork+0x10/0x20"}], "id": "CVE-2024-53067", "lastModified": "2024-11-25T21:00:06.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-19T18:15:26.490", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c25f784fba81227e0437337f962d34380d1c250"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/54c814c8b23bc7617be3d46abdb896937695dbfa"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: scsi: ufs: core: Start the RTC update work later", "id": "2327360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327360"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: ufs: core: Start the RTC update work later\nThe RTC update work involves runtime resuming the UFS controller. Hence,\nonly start the RTC update work after runtime power management in the UFS\ndriver has been fully initialized. This patch fixes the following kernel\ncrash:\nInternal error: Oops: 0000000096000006 [#1] PREEMPT SMP\nWorkqueue: events ufshcd_rtc_work\nCall trace:\n_raw_spin_lock_irqsave+0x34/0x8c (P)\npm_runtime_get_if_active+0x24/0x9c (L)\npm_runtime_get_if_active+0x24/0x9c\nufshcd_rtc_work+0x138/0x1b4\nprocess_one_work+0x148/0x288\nworker_thread+0x2cc/0x3d4\nkthread+0x110/0x114\nret_from_fork+0x10/0x20"], "name": "CVE-2024-53067", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53067\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53067\nhttps://lore.kernel.org/linux-cve-announce/2024111933-CVE-2024-53067-0c9e@gregkh/T"], "threat_severity": "Moderate"}