CVE-2024-56621
Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 27/12/2024
Last modified: 07/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Cancel RTC work during ufshcd_remove()

Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to this, any further trigger of the RTC work after ufshcd_remove() would result in a NULL pointer dereference as below:

```
Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4
Workqueue: events ufshcd_rtc_work
Call trace:
 _raw_spin_lock_irqsave+0x34/0x8c
 pm_runtime_get_if_active+0x24/0xb4
 ufshcd_rtc_work+0x124/0x19c
 process_scheduled_works+0x18c/0x2d8
 worker_thread+0x144/0x280
 kthread+0x11c/0x128
 ret_from_fork+0x10/0x20
```

Since RTC work accesses the ufshcd internal structures, it should be cancelled when ufshcd is removed. So do that in ufshcd_remove(), as per the order in ufshcd_init().
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8 (including) | 6.12.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* | | |
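
A first-pass triage check for the ranges in the table above, added here as an example and not part of the advisory: it parses a `uname -r` style release string and reports whether the upstream version falls in 6.8 up to (not including) 6.12.5, or is 6.13-rc1. The function names and the sample release strings are constructed for illustration.

```python
import re

# Affected upstream ranges, copied from the CPE table on this page.
AFFECTED_FROM = (6, 8, 0)                    # 6.8 (including)
FIXED_IN = (6, 12, 5)                        # 6.12.5 (excluding)
AFFECTED_PRERELEASES = {((6, 13, 0), "rc1")}  # 6.13-rc1 is listed on its own

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-?(rc\d+))?")


def parse_kernel_release(release):
    """Split a `uname -r` style string into ((major, minor, patch), rc or None)."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), rc


def in_affected_range(release):
    """True if the upstream version falls inside the ranges listed for CVE-2024-56621.

    Distribution kernels may carry a backported fix under an older version number,
    so treat True as "check the vendor advisory", not as proof of exposure.
    """
    version, rc = parse_kernel_release(release)
    if rc is not None:
        if (version, rc) in AFFECTED_PRERELEASES:
            return True
        # A release candidate sorts before its final release, so 6.8-rcN
        # predates the start of the range while 6.12-rcN lies inside it.
        return AFFECTED_FROM < version < FIXED_IN
    return AFFECTED_FROM <= version < FIXED_IN


if __name__ == "__main__":
    # Constructed sample release strings, not taken from the advisory.
    for sample in ("6.7.12", "6.8.0-45-generic", "6.12.4", "6.12.5",
                   "6.13.0-rc1", "6.13.0-rc2", "5.15.0-100-generic"):
        print(f"{sample:22} in affected range: {in_affected_range(sample)}")
```
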



