CVE-2024-43881
HIGH EPSS 12.1%
Published Aug 21, 20241y ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
Published Aug 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA direction while mapping reinjected packets For fragmented packets, ath12k reassembles each fragment as a normal packet and then reinjects it into HW ring. In this case, the DMA direction should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise, an invalid payload may be reinjected into the HW and subsequently delivered to the host. Given that arbitrary memory can be allocated to the skb buffer, knowledge about the data contained in the reinjected buffer is lacking. Consequently, there’s a risk of private information being leaked. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
12.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-668
Affected Products 2
References 3
- git.kernel.org https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e
- git.kernel.org https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b
- git.kernel.org https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997
Remediation
- git.kernel.org https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e
- git.kernel.org https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b
- git.kernel.org https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997