CVE-2024-49930

HIGH EPSS 17.1%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix array out-of-bound access in SoC stats Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() function access ath11k_soc_dp_stats::hal_reo_error using the REO destination SRNG ring ID, which is incorrect. SRNG ring ID differ from normal ring ID, and this usage leads to out-of-bounds array access. To fix this issue, modify ath11k_dp_process_rx() to use the normal ring ID directly instead of the SRNG ring ID to avoid out-of-bounds array access. Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
17.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-129

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel* <5.10.227
linuxlinux_kernel*≥5.11  –  <5.15.168
linuxlinux_kernel*≥5.16  –  <6.1.113
linuxlinux_kernel*≥6.2  –  <6.6.55
linuxlinux_kernel*≥6.7  –  <6.10.14
linuxlinux_kernel*≥6.11  –  <6.11.3

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-355557.html
  • git.kernel.org https://git.kernel.org/stable/c/01b77f5ee11c89754fb836af8f76799d3b72ae2f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0f26f26944035ec67546a944f182cbad6577a9c0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4dd732893bd38cec51f887244314e2b47f0d658f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6045ef5b4b00fee3629689f791992900a1c94009
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/69f253e46af98af17e3efa3e5dfa72fcb7d1983d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73e235728e515faccc104b0153b47d0f263b3344
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a552bc2f3efe2aaf77a85cb34cdf4a63d81a1a7
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/01b77f5ee11c89754fb836af8f76799d3b72ae2f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0f26f26944035ec67546a944f182cbad6577a9c0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4dd732893bd38cec51f887244314e2b47f0d658f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6045ef5b4b00fee3629689f791992900a1c94009
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/69f253e46af98af17e3efa3e5dfa72fcb7d1983d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73e235728e515faccc104b0153b47d0f263b3344
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a552bc2f3efe2aaf77a85cb34cdf4a63d81a1a7
    Patch