
CVE-2024-56588: Vulnerability in Linux

High
Published: Fri Dec 27 2024 (12/27/2024, 14:50:56 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: hisi_sas: Create all dump files during debugfs initialization

For the current debugfs of hisi_sas, after the user triggers a dump, the driver allocates memory space to save the register information and creates debugfs files to display the saved information. In this process, the debugfs files are created after each dump.

Therefore, when the dump is triggered while the driver is unbinding, the following hang occurs:

    [67840.853907] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0
    [67840.862947] Mem abort info:
    [67840.865855] ESR = 0x0000000096000004
    [67840.869713] EC = 0x25: DABT (current EL), IL = 32 bits
    [67840.875125] SET = 0, FnV = 0
    [67840.878291] EA = 0, S1PTW = 0
    [67840.881545] FSC = 0x04: level 0 translation fault
    [67840.886528] Data abort info:
    [67840.889524] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
    [67840.895117] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
    [67840.900284] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
    [67840.905709] user pgtable: 4k pages, 48-bit VAs, pgdp=0000002803a1f000
    [67840.912263] [00000000000000a0] pgd=0000000000000000, p4d=0000000000000000
    [67840.919177] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
    [67840.996435] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    [67841.003628] pc : down_write+0x30/0x98
    [67841.007546] lr : start_creating.part.0+0x60/0x198
    [67841.012495] sp : ffff8000b979ba20
    [67841.016046] x29: ffff8000b979ba20 x28: 0000000000000010 x27: 0000000000024b40
    [67841.023412] x26: 0000000000000012 x25: ffff20202b355ae8 x24: ffff20202b35a8c8
    [67841.030779] x23: ffffa36877928208 x22: ffffa368b4972240 x21: ffff8000b979bb18
    [67841.038147] x20: ffff00281dc1e3c0 x19: fffffffffffffffe x18: 0000000000000020
    [67841.045515] x17: 0000000000000000 x16: ffffa368b128a530 x15: ffffffffffffffff
    [67841.052888] x14: ffff8000b979bc18 x13: ffffffffffffffff x12: ffff8000b979bb18
    [67841.060263] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa368b1289b18
    [67841.067640] x8 : 0000000000000012 x7 : 0000000000000000 x6 : 00000000000003a9
    [67841.075014] x5 : 0000000000000000 x4 : ffff002818c5cb00 x3 : 0000000000000001
    [67841.082388] x2 : 0000000000000000 x1 : ffff002818c5cb00 x0 : 00000000000000a0
    [67841.089759] Call trace:
    [67841.092456] down_write+0x30/0x98
    [67841.096017] start_creating.part.0+0x60/0x198
    [67841.100613] debugfs_create_dir+0x48/0x1f8
    [67841.104950] debugfs_create_files_v3_hw+0x88/0x348 [hisi_sas_v3_hw]
    [67841.111447] debugfs_snapshot_regs_v3_hw+0x708/0x798 [hisi_sas_v3_hw]
    [67841.118111] debugfs_trigger_dump_v3_hw_write+0x9c/0x120 [hisi_sas_v3_hw]
    [67841.125115] full_proxy_write+0x68/0xc8
    [67841.129175] vfs_write+0xd8/0x3f0
    [67841.132708] ksys_write+0x70/0x108
    [67841.136317] __arm64_sys_write+0x24/0x38
    [67841.140440] invoke_syscall+0x50/0x128
    [67841.144385] el0_svc_common.constprop.0+0xc8/0xf0
    [67841.149273] do_el0_svc+0x24/0x38
    [67841.152773] el0_svc+0x38/0xd8
    [67841.156009] el0t_64_sync_handler+0xc0/0xc8
    [67841.160361] el0t_64_sync+0x1a4/0x1a8
    [67841.164189] Code: b9000882 d2800002 d2800023 f9800011 (c85ffc05)
    [67841.170443] ---[ end trace 0000000000000000 ]---

To fix this issue, create all directories and files during debugfs initialization. In this way, the driver only needs to allocate memory space to save information each time the user triggers dumping.

AI-Powered Analysis

Last updated: 06/28/2025, 12:11:18 UTC

Technical Analysis

CVE-2024-56588 is a vulnerability in the Linux kernel specifically affecting the hisi_sas driver, which is responsible for handling SAS (Serial Attached SCSI) devices on Huawei's HiSilicon hardware platforms. The issue arises in the debugfs interface of the hisi_sas driver. Normally, when a user triggers a dump via debugfs, the driver allocates memory to save register information and creates debugfs files dynamically to display this data. However, if a dump is triggered while the driver is unbinding (i.e., during device removal or driver unload), the driver attempts to create debugfs files that no longer have valid backing structures, leading to a NULL pointer dereference and a kernel panic (system hang). The kernel logs show an 'Oops' error with a NULL pointer dereference at address 0xA0, indicating an invalid memory access during the debugfs file creation process. The root cause is that debugfs files are created on-demand during each dump rather than being pre-created during initialization. The fix involves creating all necessary debugfs directories and files during the driver's initialization phase, so that subsequent dumps only allocate memory for register data without creating new debugfs entries. This prevents the race condition and invalid memory access during unbind. The vulnerability affects specific Linux kernel versions containing the hisi_sas driver implementation prior to the fix. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet. The vulnerability can cause system instability and denial of service (DoS) due to kernel panics triggered by user actions on debugfs while the driver is unbinding.

Potential Impact

For European organizations running Linux systems on hardware platforms using the hisi_sas driver (notably Huawei HiSilicon-based servers or storage appliances), this vulnerability can lead to kernel panics and system hangs. This results in denial of service, potentially disrupting critical storage operations and impacting availability of services relying on SAS storage devices. The vulnerability requires local user interaction to trigger a dump via debugfs, so it is less likely to be exploited remotely but could be leveraged by malicious insiders or attackers with local access. In environments with automated monitoring or management scripts that trigger debug dumps, the vulnerability could cause unintended outages. Given the increasing adoption of Linux in enterprise and cloud infrastructure across Europe, any disruption in storage subsystems can have significant operational and financial impacts. Additionally, organizations in sectors with high availability requirements such as finance, telecommunications, and public services could be particularly affected. Although no data confidentiality or integrity breach is indicated, the availability impact alone warrants prompt mitigation.

Mitigation Recommendations

1. Apply the official Linux kernel patches that address CVE-2024-56588 by modifying the hisi_sas driver to create all debugfs files during initialization rather than on-demand. Monitor Linux kernel mailing lists and vendor advisories for updated kernel releases containing this fix.
2. If patching immediately is not feasible, restrict access to debugfs interfaces for unprivileged users to prevent unauthorized triggering of dumps. This can be done by mounting debugfs with restricted permissions or using Linux security modules (e.g., SELinux, AppArmor) to limit access.
3. Implement monitoring to detect kernel panics or system hangs related to hisi_sas activity and debugfs usage, enabling rapid incident response.
4. Review and audit any automated scripts or tools that trigger debugfs dumps to ensure they do not run during driver unbind or device removal operations.
5. For critical systems, consider isolating or segmenting hardware using the hisi_sas driver to limit blast radius in case of exploitation.
6. Engage with hardware vendors to confirm if firmware or driver updates are available that incorporate this fix and plan coordinated patching cycles.
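
For the monitoring recommendation, the following added example (not part of the original advisory or the kernel project) scans dmesg-style text for the crash signature shown in the description: a NULL-page fault inside debugfs_create_dir reached from hisi_sas_v3_hw debugfs code. The function names, the `[seconds.micros]` line format and the 0x1000 NULL-page threshold are assumptions of this sketch; the sample log is constructed from lines of the quoted trace.

```python
import re

# Constructed sample: lines copied from the trace quoted in the description,
# preceded by one invented, unrelated line.
SAMPLE_LOG = """\
[67839.100000] sd 0:0:1:0: [sdb] Synchronizing SCSI cache
[67840.853907] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0
[67841.003628] pc : down_write+0x30/0x98
[67841.089759] Call trace:
[67841.092456] down_write+0x30/0x98
[67841.100613] debugfs_create_dir+0x48/0x1f8
[67841.104950] debugfs_create_files_v3_hw+0x88/0x348 [hisi_sas_v3_hw]
[67841.118111] debugfs_trigger_dump_v3_hw_write+0x9c/0x120 [hisi_sas_v3_hw]
[67841.170443] ---[ end trace 0000000000000000 ]---
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$")
FAULT = re.compile(r"NULL pointer dereference at virtual address ([0-9a-f]+)")
FRAME = re.compile(r"^\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")

def parse_oopses(text):
    """Split a kernel log into oops records: fault address plus (symbol, module) frames."""
    oopses, cur, in_trace = [], None, False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        fault = FAULT.search(msg)
        if fault:  # start of a new oops record
            cur = {"ts": ts, "addr": int(fault.group(1), 16), "frames": []}
            oopses.append(cur)
            in_trace = False
        elif cur is not None and msg.startswith("Call trace:"):
            in_trace = True
        elif msg.startswith("---[ end trace"):
            cur, in_trace = None, False
        elif in_trace and (f := FRAME.match(msg)):
            cur["frames"].append((f.group(1), f.group(2)))  # module is None for core kernel
    return oopses

def matches_cve_2024_56588(oops):
    """NULL-page fault in debugfs_create_dir reached from hisi_sas_v3_hw debugfs code."""
    syms = {sym for sym, _ in oops["frames"]}
    driver = any(m == "hisi_sas_v3_hw" and s.startswith("debugfs_") for s, m in oops["frames"])
    return oops["addr"] < 0x1000 and "debugfs_create_dir" in syms and driver

def scan(text):
    """Return the timestamps of oopses that match the signature."""
    return [o["ts"] for o in parse_oopses(text) if matches_cve_2024_56588(o)]
```

Feeding it the output of `dmesg` or a saved console log and alerting on a non-empty result from `scan()` gives a host-level indicator that the unpatched dump path was hit.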


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-27T14:03:06.002Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9823c4522896dcbdf31b

Added to database: 5/21/2025, 9:08:51 AM

Last enriched: 6/28/2025, 12:11:18 PM

Last updated: 7/31/2025, 2:30:40 AM
