CVE-2024-46843 in Linuxinfo

Summary

by MITRE • 09/27/2024

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Remove SCSI host only if added

If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been defered after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").

To guarantee that SCSI host is removed only if it has been added, set the scsi_host_added flag to true after adding a SCSI host and check whether it is set or not before removing it.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 04/05/2026

The vulnerability described in CVE-2024-46843 represents a critical kernel panic condition within the Linux SCSI UFS subsystem that arises from improper handling of SCSI host lifecycle management. This issue specifically affects the Universal Flash Storage (UFS) driver implementation in the Linux kernel where the ufshcd driver attempts to remove a SCSI host instance without first verifying whether that host was successfully added to the system. The flaw occurs during the device probe sequence when the driver encounters a failure in the asynchronous scanning process, creating a scenario where kernel memory management becomes inconsistent and leads to system instability.

The technical root cause of this vulnerability stems from a logical error in the device initialization sequence where the SCSI host removal operation is performed regardless of whether the host was actually registered with the SCSI subsystem. This problem becomes particularly pronounced when Multi-Queue Command Queuing (MCQ) support is enabled, as the driver defers the addition of the SCSI host until after MCQ configuration has been completed. The commit 0cab4023ec7b introduced this deferral mechanism to optimize performance, but it created a race condition where the removal logic does not account for the conditional addition state of the SCSI host. The vulnerability manifests when the ufshcd_async_scan function fails during the probe phase, leaving the system in an inconsistent state where a removal operation targets a host that was never properly added.

The operational impact of this vulnerability is severe as it can lead to complete system crashes and kernel panics, effectively rendering the affected system unstable and unusable. When a UFS device is removed or when the driver encounters an error during initialization, the kernel will panic and terminate the system, resulting in potential data loss and service disruption. This affects systems that rely heavily on UFS storage technologies, particularly those using modern mobile devices, embedded systems, and enterprise storage solutions where UFS is the primary storage interface. The vulnerability is particularly concerning in production environments where system reliability is paramount, as unexpected kernel panics can lead to unplanned downtime and potential security implications from system instability.

The mitigation strategy for this vulnerability involves implementing proper state management for SCSI host operations by introducing a flag-based approach to track host addition status. The fix requires setting a scsi_host_added flag to true immediately after successfully adding a SCSI host through the scsi_add_host function, and subsequently checking this flag before attempting any removal operations. This approach directly addresses the core issue by ensuring that the removal logic only executes when a host has been properly registered with the SCSI subsystem, preventing the kernel panic scenario. This solution aligns with common software engineering practices for resource management and follows the principle of defensive programming. The fix also demonstrates adherence to CWE-457 principles regarding use of uninitialized variables and proper state tracking in kernel drivers, while addressing ATT&CK technique T1490 related to system destruction through kernel-level exploits. Organizations should prioritize updating their Linux kernel versions to include this patch, particularly those running systems with UFS storage configurations where the vulnerability could be triggered through device removal or error conditions during initialization.

Responsible

Linux

Reservation

09/11/2024

Disclosure

09/27/2024

Moderation

accepted

CPE

ready

EPSS

0.00235

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!