PT-2024-29190 · Linux+5 · Linux Kernel+5
Published 2024-04-22 · Updated 2026-05-26
CVE-2024-40979
CVSS v3.1
| Score | 5.5 (Medium) |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The vulnerability is related to the handling of QMI target memory during resume, resulting in a kernel crash when DMA remap is not supported. The issue occurs when the ath12k module is loaded and firmware sends a memory request to the host. If DMA remap is not supported, the allocation of large segment sizes fails, and the firmware retries with smaller sizes. However, during the freeing of allocated segments, a size mismatch occurs, causing the kernel to crash.
The ath12k_qmi_free_target_mem_chunk() function is called to free all allocated segments, but the first segment is skipped due to its v.addr being cleared. This results in a memory leak. When freeing the second segment, a size of 8454144 is passed to dma_free_coherent(), but the real size of the segment is 524288, which is much smaller. As a result, the kernel attempts to free memory that is still in use, leading to a crash.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
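A user-space C model of the free path from the Description, added here as an illustration and not taken from the ath12k driver. The struct and function names are hypothetical, and the first segment's real size (524288) is an assumption. It shows how a ledger of true allocation sizes exposes both the skipped segment and the mismatched free size.

```c
#include <stdio.h>
/* Hypothetical user-space model, not the ath12k driver's own structures. */
struct chunk  { void *vaddr; size_t size; };           /* host bookkeeping */
struct ledger { void *addr; size_t size; int live; };  /* what was really allocated */
struct result { int skipped; int mismatched; };
#define NCHUNK 2
static struct ledger led[NCHUNK];
static char token[NCHUNK];   /* addresses used only as handles */

/* Stand-in for a coherent DMA allocation: records the true size. */
static void *model_alloc(int slot, size_t size)
{
    led[slot] = (struct ledger){ &token[slot], size, 1 };
    return led[slot].addr;
}

/* Stand-in for the free call: rejects a size that differs from the ledger. */
static int model_free(int slot, void *addr, size_t size)
{
    if (!led[slot].live || led[slot].addr != addr || led[slot].size != size)
        return -1;
    led[slot].live = 0;
    return 0;
}

/* Allocate two segments, optionally apply the described state, then free them. */
static struct result run(int advisory_state)
{
    struct chunk c[NCHUNK];
    struct result r = { 0, 0 };
    for (int i = 0; i < NCHUNK; i++)   /* assumed: both segments are 524288 bytes */
        c[i] = (struct chunk){ model_alloc(i, 524288), 524288 };
    if (advisory_state) {
        c[0].vaddr = NULL;       /* first segment: pointer cleared */
        c[1].size  = 8454144;    /* second segment: stale recorded size */
    }
    for (int i = 0; i < NCHUNK; i++) {
        if (!c[i].vaddr) { r.skipped += led[i].live; continue; }  /* never freed: leak */
        if (model_free(i, c[i].vaddr, c[i].size) < 0) r.mismatched++;
    }
    return r;
}

int main(void)
{
    struct result bad = run(1), ok = run(0);
    printf("described state: skipped=%d mismatched=%d; consistent state: skipped=%d mismatched=%d\n",
           bad.skipped, bad.mismatched, ok.skipped, ok.mismatched);
    return 0;
}
```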
Exploit
Memory Leak
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu