CVE-2024-56587: Vulnerability in Linux Linux

High
Published: Fri Dec 27 2024 (12/27/2024, 14:50:55 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

leds: class: Protect brightness_show() with led_cdev->led_access mutex

There is NULL pointer issue observed if from Process A where hid device being added which results in adding a led_cdev addition and later another call to access of led_cdev attribute from Process B can result in NULL pointer issue.

Use mutex led_cdev->led_access to protect access to led->cdev and its attribute inside brightness_show() and max_brightness_show() and also update the comment for mutex that it should be used to protect the led class device fields.

Process A:

    kthread+0x114
    worker_thread+0x244
    process_scheduled_works+0x248
    uhid_device_add_worker+0x24
    hid_add_device+0x120
    device_add+0x268
    bus_probe_device+0x94
    device_initial_probe+0x14
    __device_attach+0xfc
    bus_for_each_drv+0x10c
    __device_attach_driver+0x14c
    driver_probe_device+0x3c
    __driver_probe_device+0xa0
    really_probe+0x190
    hid_device_probe+0x130
    ps_probe+0x990
    ps_led_register+0x94
    devm_led_classdev_register_ext+0x58
    led_classdev_register_ext+0x1f8
    device_create_with_groups+0x48
    device_create_groups_vargs+0xc8
    device_add+0x244
    kobject_uevent+0x14
    kobject_uevent_env[jt]+0x224
    mutex_unlock[jt]+0xc4
    __mutex_unlock_slowpath+0xd4
    wake_up_q+0x70
    try_to_wake_up[jt]+0x48c
    preempt_schedule_common+0x28
    __schedule+0x628
    __switch_to+0x174

Process B:

    el0t_64_sync+0x1a8/0x1ac
    el0t_64_sync_handler+0x68/0xbc
    el0_svc+0x38/0x68
    do_el0_svc+0x1c/0x28
    el0_svc_common+0x80/0xe0
    invoke_syscall+0x58/0x114
    __arm64_sys_read+0x1c/0x2c
    ksys_read+0x78/0xe8
    vfs_read+0x1e0/0x2c8
    kernfs_fop_read_iter+0x68/0x1b4
    seq_read_iter+0x158/0x4ec
    kernfs_seq_show+0x44/0x54
    sysfs_kf_seq_show+0xb4/0x130
    dev_attr_show+0x38/0x74
    brightness_show+0x20/0x4c
    dualshock4_led_get_brightness+0xc/0x74

Kernel log:

    [ 3313.874295][ T4013] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060
    [ 3313.874301][ T4013] Mem abort info:
    [ 3313.874303][ T4013] ESR = 0x0000000096000006
    [ 3313.874305][ T4013] EC = 0x25: DABT (current EL), IL = 32 bits
    [ 3313.874307][ T4013] SET = 0, FnV = 0
    [ 3313.874309][ T4013] EA = 0, S1PTW = 0
    [ 3313.874311][ T4013] FSC = 0x06: level 2 translation fault
    [ 3313.874313][ T4013] Data abort info:
    [ 3313.874314][ T4013] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
    [ 3313.874316][ T4013] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
    [ 3313.874318][ T4013] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
    [ 3313.874320][ T4013] user pgtable: 4k pages, 39-bit VAs, pgdp=00000008f2b0a000
    ..
    [ 3313.874332][ T4013] Dumping ftrace buffer:
    [ 3313.874334][ T4013] (ftrace buffer empty)
    ..
    ..
    [ dd3313.874639][ T4013] CPU: 6 PID: 4013 Comm: InputReader
    [ 3313.874648][ T4013] pc : dualshock4_led_get_brightness+0xc/0x74
    [ 3313.874653][ T4013] lr : led_update_brightness+0x38/0x60
    [ 3313.874656][ T4013] sp : ffffffc0b910bbd0
    ..
    ..
    [ 3313.874685][ T4013] Call trace:
    [ 3313.874687][ T4013] dualshock4_led_get_brightness+0xc/0x74
    [ 3313.874690][ T4013] brightness_show+0x20/0x4c
    [ 3313.874692][ T4013] dev_attr_show+0x38/0x74
    [ 3313.874696][ T4013] sysfs_kf_seq_show+0xb4/0x130
    [ 3313.874700][ T4013] kernfs_seq_show+0x44/0x54
    [ 3313.874703][ T4013] seq_read_iter+0x158/0x4ec
    [ 3313.874705][ T4013] kernfs_fop_read_iter+0x68/0x1b4
    [ 3313.874708][ T4013] vfs_read+0x1e0/0x2c8
    [ 3313.874711][ T4013] ksys_read+0x78/0xe8
    [ 3313.874714][ T4013] __arm64_sys_read+0x1c/0x2c
    [ 3313.874718][ T4013] invoke_syscall+0x58/0x114
    [ 3313.874721][ T4013] el0_svc_common+0x80/0xe0
    [ 3313.874724][ T4013] do_el0_svc+0x1c/0x28
    [ 3313.874727][ T4013] el0_svc+0x38/0x68
    [ 3313.874730][ T4013] el0t_64_sync_handler+0x68/0xbc
    [ 3313.874732][ T4013] el0t_64_sync+0x1a8/0x1ac

AI-Powered Analysis

Last updated: 06/28/2025, 12:10:50 UTC

Technical Analysis

CVE-2024-56587 is a vulnerability in the Linux kernel's LED subsystem, specifically in the LED class device (led_cdev) handling code. The flaw is missing synchronization around access to the led_cdev structure and its attributes in the brightness_show() and max_brightness_show() functions. The root cause is a race between two processes that interact with the same LED class device: Process A adds a HID device, which results in a led_cdev being added, while Process B concurrently accesses led_cdev attributes. Without locking, Process B may dereference a NULL pointer, which crashes the kernel. The fix protects access to led_cdev and its attributes with the led_access mutex, serializing access and preventing the race. The kernel oops log shows the crash in dualshock4_led_get_brightness(), reached from brightness_show(), so the issue can manifest during device attribute reads via sysfs. The affected Linux kernel versions are identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, and the vulnerability was publicly disclosed on December 27, 2024. No known exploits are reported in the wild yet, and no CVSS score has been assigned. The vulnerability is a classic race condition leading to a NULL pointer dereference and consequent denial of service (kernel panic).

Potential Impact

For European organizations, this vulnerability primarily poses a risk of denial of service on Linux-based systems that utilize HID devices with LED class devices, such as embedded systems, IoT devices, or servers with specific hardware interfaces. The kernel crash caused by the NULL pointer dereference can lead to system instability, unexpected reboots, or downtime, impacting availability. Confidentiality and integrity impacts are minimal as the vulnerability does not directly allow privilege escalation or arbitrary code execution. However, disruption of critical infrastructure or services running on affected Linux systems could have operational and financial consequences. Organizations relying on Linux kernels with the affected versions, especially those using HID devices with LED indicators (e.g., gaming peripherals, industrial controllers), may experience service interruptions. Given the Linux kernel's widespread use in European data centers, telecommunications, and industrial control systems, the vulnerability could affect a broad range of sectors if exploited or triggered inadvertently.

Mitigation Recommendations

1. Apply the official Linux kernel patches that introduce the led_access mutex protection to the led_cdev structure as soon as they are available from trusted sources or Linux distributions.
2. For organizations unable to immediately patch, implement kernel live patching solutions if supported by their environment to minimize downtime.
3. Restrict access to HID devices and related sysfs interfaces to trusted users and processes to reduce the risk of concurrent access triggering the vulnerability.
4. Monitor kernel logs for signs of NULL pointer dereferences or kernel panics related to led_class devices to detect potential exploitation or accidental triggering.
5. Conduct thorough testing of HID device drivers and LED class device interactions in staging environments to identify any race conditions or instability before production deployment.
6. Maintain updated inventories of Linux kernel versions and hardware peripherals to prioritize patching and risk assessment.
7. Employ system hardening and kernel security modules (e.g., SELinux, AppArmor) to limit the impact of kernel crashes and improve system resilience.
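
Recommendation 4 above, as an added example (not part of the original advisory or of the kernel project): a Python scan of kernel log lines that flags NULL-pointer oopses whose call trace passes through brightness_show() or max_brightness_show(). The function and variable names are this example's own, and the sample combines lines copied from the oops quoted in the description with constructed lines for an unrelated task (T77).

```python
import re

# Sysfs show handlers that, per this page, the fix serializes with led_access.
LED_SHOW = {"brightness_show", "max_brightness_show"}
# "[ 3313.874295][ T4013] msg"; [\w.]+ also accepts the quoted "dd3313.874639" stamp.
LINE = re.compile(r"^\[\s*[\w.]+\]\[\s*([TC]\d+)\]\s?(.*)$")
OOPS = re.compile(r"kernel NULL pointer dereference at virtual address ([0-9a-f]+)")
FRAME = re.compile(r"^\s*(pc : )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
COMM = re.compile(r"\bComm: (\S+)")

def find_led_oopses(lines):
    """Return NULL-deref oopses whose call trace passes through an LED show handler."""
    oopses, current = [], {}          # current: task tag -> oops being assembled
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        task, msg = m.groups()
        start = OOPS.search(msg)
        if start:                     # a new oops opens for this task
            current[task] = dict(task=task, addr=start[1], comm=None, pc=None, frames=[])
            oopses.append(current[task])
            continue
        oops = current.get(task)
        if oops is None:              # task has no open oops, ignore its lines
            continue
        comm, frame = COMM.search(msg), FRAME.match(msg)
        if comm:
            oops["comm"] = comm[1]
        if frame and frame[1]:        # "pc : sym+off/size" register line
            oops["pc"] = frame[2]
        elif frame:                   # plain call-trace frame
            oops["frames"].append(frame[2])
    return [o for o in oopses if LED_SHOW & set(o["frames"])]

# T4013 lines are copied from the oops quoted on this page; T77 lines are constructed.
SAMPLE = """\
[ 3313.874295][ T4013] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060
[ dd3313.874639][ T4013] CPU: 6 PID: 4013 Comm: InputReader
[ 3313.874648][ T4013] pc : dualshock4_led_get_brightness+0xc/0x74
[ 3313.874653][ T4013] lr : led_update_brightness+0x38/0x60
[ 3313.874687][ T4013] dualshock4_led_get_brightness+0xc/0x74
[ 3313.874690][ T4013] brightness_show+0x20/0x4c
[ 4000.000001][ T77] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[ 4000.000002][ T77] example_driver_read+0x10/0x40
""".splitlines()

if __name__ == "__main__":
    print(find_led_oopses(SAMPLE))
```

Lines are grouped by the task tag in the second bracket, so an interleaved oops from another task does not contaminate the match.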


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-27T14:03:06.002Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9823c4522896dcbdf317

Added to database: 5/21/2025, 9:08:51 AM

Last enriched: 6/28/2025, 12:10:50 PM

Last updated: 8/18/2025, 11:31:58 PM
