What is CVE-2024-56671?

CVE-2024-56671 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, affecting Linux kernel versions from 6.10 onward and patched in 6.12.6 and 6.13. CVE-2024-56671 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-56671?

CVE-2024-56671 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-56671?

Yes, CVE-2024-56671 has been patched. Fixed versions include 6.12.6 and 6.13. If you are running Linux kernel 6.10 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2024-56671 actively exploited?

CVE-2024-56671 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-56671

Medium

In the Linux kernel, the following vulnerability has been resolved: gpio: graniterapids: Fix vGPIO driver crash Move setting irq_chip.name from probe() function to the initialization of "irq_chip" struct in order to fix vGPIO driver crash during bootup. Crash was caused by unauthorized modification of irq_chip.name field where irq_chip struct was initialized as const. This behavior is a consequence of suboptimal implementation of gpio_irq_chip_set_chip(), which should be changed to avoid casting away const qualifier. Crash log: BUG: unable to handle page fault for address: ffffffffc0ba81c0 /#PF: supervisor write access in kernel mode /#PF: error_code(0x0003) - permissions violation CPU: 33 UID: 0 PID: 1075 Comm: systemd-udevd Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 #1 Hardware name: Intel Corporation Kaseyville RP/Kaseyville RP, BIOS KVLDCRB1.PGS.0026.D73.2410081258 10/08/2024 RIP: 0010:gnr_gpio_probe+0x171/0x220 [gpio_graniterapids]

Package Linux Kernel

Published 2024-12-27

Last modified 2025-10-01

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions

Linux kernel versions 6.10 and later are affected. Fixed in 6.12.6, 6.13 and their respective stable series.

Affected from

≥ 6.10

Fixed in

✓ 6.12.6 6.12.x ✓ 6.13

References

The following references provide additional information about CVE-2024-56671 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/e631cab10c6b287a33c35953e6dbda1f7f89bc1f
Patch
Kernel patch commit
https://git.kernel.org/stable/c/eb9640fd1ce666610b77f5997596e9570a36378f
Patch

Details

CVE ID CVE-2024-56671

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-12-27

Modified 2025-10-01

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2024-56671?

CVE-2024-56671 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 6.10 onward and has been patched in 6.12.6 and 6.13. CVE-2024-56671 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-56671?

CVE-2024-56671 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-56671?

Yes — CVE-2024-56671 has been patched. Fixed versions include 6.12.6 and 6.13. If you are running Linux kernel 6.10 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2024-56671 actively exploited?

No — CVE-2024-56671 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.