What is CVE-2024-56599?

CVE-2024-56599 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, classified as a NULL Pointer Dereference flaw (CWE-476), affecting Linux kernel versions from 3.11 onward and patched in 5.10.237, 5.15.181, 6.1.127 and others. CVE-2024-56599 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-56599?

CVE-2024-56599 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-56599?

Yes, CVE-2024-56599 has been patched. Fixed versions include 5.10.237, 5.15.181, 6.1.127 and others. If you are running Linux kernel 3.11 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2024-56599 actively exploited?

CVE-2024-56599 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is NULL Pointer Dereference (CWE-476)?

The product dereferences a pointer that it expects to be valid but is NULL, typically causing a crash. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/476.html

CVE-2024-56599

Medium

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: avoid NULL pointer error during sdio remove When running 'rmmod ath10k', ath10k_sdio_remove() will free sdio workqueue by destroy_workqueue(). But if CONFIG_INIT_ON_FREE_DEFAULT_ON is set to yes, kernel panic will happen: Call trace: destroy_workqueue+0x1c/0x258 ath10k_sdio_remove+0x84/0x94 sdio_bus_remove+0x50/0x16c device_release_driver_internal+0x188/0x25c device_driver_detach+0x20/0x2c This is because during 'rmmod ath10k', ath10k_sdio_remove() will call ath10k_core_destroy() before destroy_workqueue(). wiphy_dev_release() will finally be called in ath10k_core_destroy(). This function will free struct cfg80211_registered_device *rdev and all its members, including wiphy, dev and the pointer of sdio workqueue. Then the pointer of sdio workqueue will be set to NULL due to CONFIG_INIT_ON_FREE_DEFAULT_ON. After device release, destroy_workqueue() will use NULL pointer then the kernel panic happen. Call trace: ath10k_sdio_remove ->ath10k_core_unregister …… ->ath10k_core_stop ->ath10k_hif_stop ->ath10k_sdio_irq_disable ->ath10k_hif_power_down ->del_timer_sync(&ar_sdio->sleep_timer) ->ath10k_core_destroy ->ath10k_mac_destroy ->ieee80211_free_hw ->wiphy_free …… ->wiphy_dev_release ->destroy_workqueue Need to call destroy_workqueue() before ath10k_core_destroy(), free the work queue buffer first and then free pointer of work queue by ath10k_core_destroy(). This order matches the error path order in ath10k_sdio_probe(). No work will be queued on sdio workqueue between it is destroyed and ath10k_core_destroy() is called. Based on the call_stack above, the reason is: Only ath10k_sdio_sleep_timer_handler(), ath10k_sdio_hif_tx_sg() and ath10k_sdio_irq_disable() will queue work on sdio workqueue. Sleep timer will be deleted before ath10k_core_destroy() in ath10k_hif_power_down(). ath10k_sdio_irq_disable() only be called in ath10k_hif_stop(). ath10k_core_unregister() will call ath10k_hif_power_down() to stop hif bus, so ath10k_sdio_hif_tx_sg() won't be called anymore. Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00189

Package Linux Kernel

Published 2024-12-27

Last modified 2025-11-03

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-476

CVE-2024-56599 is a NULL Pointer Dereference vulnerability

What is NULL Pointer Dereference?

The product dereferences a pointer that it expects to be valid but is NULL, typically causing a crash. Learn more on MITRE CWE

Affected versions

Linux kernel versions 3.11 and later are affected. Fixed in 5.10.237, 5.15.181, 6.1.127, 6.6.70, 6.12.5, 6.13 and their respective stable series.

Affected from

≥ 3.11

Fixed in

✓ 5.10.237 5.10.x ✓ 5.15.181 5.15.x ✓ 6.1.127 6.1.x ✓ 6.6.70 6.6.x ✓ 6.12.5 6.12.x ✓ 6.13

References

The following references provide additional information about CVE-2024-56599 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Debian Security
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Kernel patch commit
https://git.kernel.org/stable/c/27d5d217ae7ffb99dd623375a17a7d3418d9c755
Patch
Kernel patch commit
https://git.kernel.org/stable/c/27fda36eedad9e4ec795dc481f307901d1885112
Patch
Kernel patch commit
https://git.kernel.org/stable/c/543c0924d446b21f35701ca084d7feca09511220
Patch

6 patch commits total View all on NVD

Details

CVE ID CVE-2024-56599

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-12-27

Modified 2025-11-03

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2024-56599?

CVE-2024-56599 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 , classified as a NULL Pointer Dereference flaw (CWE-476) . It affects Linux kernel versions from 3.11 onward and has been patched in 5.10.237, 5.15.181, 6.1.127 and others. CVE-2024-56599 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-56599?

CVE-2024-56599 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-56599?

Yes — CVE-2024-56599 has been patched. Fixed versions include 5.10.237, 5.15.181, 6.1.127 and others. If you are running Linux kernel 3.11 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2024-56599 actively exploited?

No — CVE-2024-56599 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is NULL Pointer Dereference (CWE-476)?

The product dereferences a pointer that it expects to be valid but is NULL, typically causing a crash. View CWE-476 on MITRE CWE →