CVE-2024-56587

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-56587
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56587.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56587
Downstream
Related
Published
2024-12-27T14:50:55.402Z
Modified
2026-05-07T04:18:02.016361Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
leds: class: Protect brightness_show() with led_cdev->led_access mutex
Details

In the Linux kernel, the following vulnerability has been resolved:

leds: class: Protect brightnessshow() with ledcdev->led_access mutex

There is NULL pointer issue observed if from Process A where hid device being added which results in adding a ledcdev addition and later a another call to access of ledcdev attribute from Process B can result in NULL pointer issue.

Use mutex ledcdev->ledaccess to protect access to led->cdev and its attribute inside brightnessshow() and maxbrightness_show() and also update the comment for mutex that it should be used to protect the led class device fields.

Process A               Process B

kthread+0x114 workerthread+0x244 processscheduledworks+0x248 uhiddeviceaddworker+0x24 hidadddevice+0x120 deviceadd+0x268 busprobedevice+0x94 deviceinitial_probe+0x14 __deviceattach+0xfc busforeachdrv+0x10c __deviceattachdriver+0x14c driverprobedevice+0x3c __driverprobedevice+0xa0 reallyprobe+0x190 hiddeviceprobe+0x130 psprobe+0x990 psledregister+0x94 devmledclassdevregisterext+0x58 ledclassdevregisterext+0x1f8 devicecreatewithgroups+0x48 devicecreategroupsvargs+0xc8 deviceadd+0x244 kobjectuevent+0x14 kobjectueventenv[jt]+0x224 mutexunlock[jt]+0xc4 __mutexunlockslowpath+0xd4 wake_upq+0x70 trytowakeup[jt]+0x48c preemptschedulecommon+0x28 __schedule+0x628 __switchto+0x174 el0t64sync+0x1a8/0x1ac el0t64synchandler+0x68/0xbc el0svc+0x38/0x68 doel0svc+0x1c/0x28 el0svccommon+0x80/0xe0 invokesyscall+0x58/0x114 __arm64sysread+0x1c/0x2c ksysread+0x78/0xe8 vfsread+0x1e0/0x2c8 kernfsfopreaditer+0x68/0x1b4 seqreaditer+0x158/0x4ec kernfsseqshow+0x44/0x54 sysfskfseqshow+0xb4/0x130 devattrshow+0x38/0x74 brightnessshow+0x20/0x4c dualshock4ledgetbrightness+0xc/0x74

[ 3313.874295][ T4013] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 [ 3313.874301][ T4013] Mem abort info: [ 3313.874303][ T4013] ESR = 0x0000000096000006 [ 3313.874305][ T4013] EC = 0x25: DABT (current EL), IL = 32 bits [ 3313.874307][ T4013] SET = 0, FnV = 0 [ 3313.874309][ T4013] EA = 0, S1PTW = 0 [ 3313.874311][ T4013] FSC = 0x06: level 2 translation fault [ 3313.874313][ T4013] Data abort info: [ 3313.874314][ T4013] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000 [ 3313.874316][ T4013] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 3313.874318][ T4013] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 3313.874320][ T4013] user pgtable: 4k pages, 39-bit VAs, pgdp=00000008f2b0a000 ..

[ 3313.874332][ T4013] Dumping ftrace buffer: [ 3313.874334][ T4013] (ftrace buffer empty) .. .. [ dd3313.874639][ T4013] CPU: 6 PID: 4013 Comm: InputReader [ 3313.874648][ T4013] pc : dualshock4ledgetbrightness+0xc/0x74 [ 3313.874653][ T4013] lr : ledupdatebrightness+0x38/0x60 [ 3313.874656][ T4013] sp : ffffffc0b910bbd0 .. .. [ 3313.874685][ T4013] Call trace: [ 3313.874687][ T4013] dualshock4ledgetbrightness+0xc/0x74 [ 3313.874690][ T4013] brightnessshow+0x20/0x4c [ 3313.874692][ T4013] devattrshow+0x38/0x74 [ 3313.874696][ T4013] sysfskfseqshow+0xb4/0x130 [ 3313.874700][ T4013] kernfsseqshow+0x44/0x54 [ 3313.874703][ T4013] seqreaditer+0x158/0x4ec [ 3313.874705][ T4013] kernfsfopreaditer+0x68/0x1b4 [ 3313.874708][ T4013] vfsread+0x1e0/0x2c8 [ 3313.874711][ T4013] ksys_read+0x78/0xe8 [ 3313.874714][ T4013] _arm64sysread+0x1c/0x2c [ 3313.874718][ T4013] invokesyscall+0x58/0x114 [ 3313.874721][ T4013] el0svccommon+0x80/0xe0 [ 3313.874724][ T4013] doel0svc+0x1c/0x28 [ 3313.874727][ T4013] el0svc+0x38/0x68 [ 3313.874730][ T4013] el0t64synchandler+0x68/0xbc [ 3313.874732][ T4013] el0t64sync+0x1a8/0x1ac

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56587.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
29d76dfa29fe22583aefddccda0bc56aa81035dc
Fixed
84b42d5b5fcd767c9b7f30b0b32065ed949fe804
Fixed
ddcfc5708da9972ac23a9121b3d819b0a53d6f21
Fixed
b8283d52ed15c02bb2eb9b1b8644dcc34f8e98f1
Fixed
50d9f68e4adf86901cbab1bd5b91f710aa9141b9
Fixed
f6d6fb563e4be245a17bc4261a4b294e8bf8a31e
Fixed
bb4a6236a430cfc3713f470f3a969f39d6d4ca25
Fixed
4ca7cd938725a4050dcd62ae9472e931d603118d

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56587.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.26
Fixed
5.4.287
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.231
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.174
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.120
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.66
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56587.json"