CVE-2024-54458 in Linuxinfo

Summary

by MITRE • 02/27/2025

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: bsg: Set bsg_queue to NULL after removal

Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/24/2026

The vulnerability identified as CVE-2024-54458 resides within the Linux kernel's SCSI subsystem, specifically in the Universal Flash Storage (UFS) driver implementation. This issue manifests in the Block Scattering Gather (BSG) functionality that handles asynchronous I/O operations for UFS devices. The flaw represents a subtle but significant memory management oversight that could potentially lead to use-after-free conditions under specific circumstances. The vulnerability affects the bsg_queue handling mechanism within the UFS driver's BSG implementation, where proper resource cleanup procedures are not fully enforced during device removal operations.

The technical root cause of this vulnerability stems from the improper handling of the bsg_queue pointer within the UFS driver's BSG subsystem. When a UFS device is removed or unregistered from the system, the driver should ensure that all associated BSG queue references are properly cleared and set to NULL to prevent any subsequent access attempts to freed memory locations. Currently, the implementation fails to explicitly set the bsg_queue pointer to NULL after the removal operation, leaving a dangling reference that could potentially be accessed by other code paths or concurrent operations. This represents a classic use-after-free vulnerability pattern where memory that has been deallocated is still referenced by a pointer variable, creating potential security implications and system instability. The vulnerability aligns with CWE-416, which specifically addresses use-after-free conditions in memory management.

The operational impact of this vulnerability extends beyond simple memory management concerns into potential system stability and security risks. While the immediate exploitation may not produce visible effects, the presence of a dangling pointer creates a window of opportunity for malicious actors to manipulate system behavior through carefully crafted I/O operations or device management sequences. The vulnerability is particularly concerning in environments where UFS devices are frequently added and removed, such as mobile devices, embedded systems, or virtualized environments where device hot-plugging occurs regularly. Attackers could potentially leverage this condition to achieve privilege escalation or denial-of-service scenarios by triggering specific sequences that cause the dangling pointer to be dereferenced. The issue also aligns with ATT&CK technique T1068 which involves exploiting vulnerabilities to gain system privileges, and T1499 which covers network denial of service through resource exhaustion.

Mitigation strategies for CVE-2024-54458 should focus on implementing proper resource cleanup procedures within the UFS driver's BSG subsystem. The primary fix involves ensuring that the bsg_queue pointer is explicitly set to NULL immediately following the device removal operation, thereby eliminating the dangling reference that could lead to use-after-free conditions. System administrators should ensure that all Linux kernel updates are applied promptly, particularly in production environments where UFS storage devices are actively used. The fix represents a defensive programming practice that prevents potential future exploitation while maintaining existing functionality. Organizations should also implement monitoring for unusual device removal patterns or BSG-related error messages that might indicate the presence of similar vulnerabilities in other kernel subsystems. Regular kernel security audits and vulnerability assessments should be conducted to identify and remediate similar memory management issues across all device drivers and subsystems within the kernel. The solution aligns with best practices in kernel security development and follows established patterns for preventing use-after-free vulnerabilities in kernel space code.

Responsible

Linux

Reservation

02/27/2025

Disclosure

02/27/2025

Moderation

accepted

CPE

ready

EPSS

0.00214

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!