PT-2024-32730 · Linux+7 · Linux Kernel+7
Published: 2024-10-09 · Updated: 2025-05-28
CVE-2024-47672
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.58
Description
A vulnerability has been resolved in the Linux kernel related to the iwlwifi driver. The issue occurs when the firmware is declared dead, and the kernel waits for TX queues to become empty, resulting in a WARNING in the iwl_trans_wait_tx_queues_empty() function. To address this, the kernel will no longer call iwl_trans_wait_tx_queues_empty() when the firmware is dead. However, the flush functions will continue to run to perform maintenance work unrelated to the firmware.
Recommendations
For Linux kernel versions prior to 6.6.58, upgrade to version 6.6.58 or later to mitigate the risk of local attackers elevating permissions. As a temporary workaround, consider disabling the iwl_trans_wait_tx_queues_empty() function until a patch is available. Restrict access to the iwlwifi driver to minimize the risk of exploitation. Avoid using the iwlwifi driver in sensitive environments until the issue is resolved.
Exploit
Fix
Memory Leak
Improper Locking
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu