CVE-2024-58096

Severity: Medium · CVSS 3.1: 5.5 · EPSS 6.4%
Published Apr 16, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode

ath11k_hal_srng_* should be used with srng->lock to protect srng data.

For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(), they use ath11k_hal_srng_* many times but never call srng->lock.

So when running (full) monitor mode, a warning will occur:

    RIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]
    Call Trace:
     ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]
     ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]
     ? idr_alloc_u32+0x97/0xd0
     ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]
     ath11k_dp_service_srng+0x289/0x5a0 [ath11k]
     ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]
     __napi_poll+0x30/0x1f0
     net_rx_action+0x198/0x320
     __do_softirq+0xdd/0x319

So add srng->lock for them to avoid such warnings.

In order to fetch the srng->lock, srng's definition should be changed from 'void' to 'struct hal_srng', and they should be initialized elsewhere to prevent one line of code from being too long. This is consistent with other ring process functions, such as ath11k_dp_process_rx().

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30
Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
6.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 1

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.6 – <6.14.2

References 4

  • git.kernel.org https://git.kernel.org/stable/c/1d2178918efc928e11bed9631469ef79ff0a862a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27ca8004ba93a0665faa6d477eaeb551e03de6c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/63b7af49496d0e32f7a748b6af3361ec138b1bd3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b85758e76b6452740fc2a08ced6759af64c0d59a
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1d2178918efc928e11bed9631469ef79ff0a862a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27ca8004ba93a0665faa6d477eaeb551e03de6c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/63b7af49496d0e32f7a748b6af3361ec138b1bd3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b85758e76b6452740fc2a08ced6759af64c0d59a
    Patch