CVE-2024-47673

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58

Description A vulnerability in the Linux kernel has been resolved, related to the wifi: iwlwifi: mvm module. The issue occurs when the firmware is stopped, and the host command is sent to the transport, triggering a WARNING. The vulnerability is caused by not pausing the TCM when the firmware is stopped. Technical details include the iwl trans send cmd function and the iwl mvm send cmd function being involved in the issue.

Recommendations For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the wifi: iwlwifi: mvm module until a patch is available. Restrict access to the vulnerable iwl trans send cmd and iwl mvm send cmd functions to minimize the risk of exploitation. Avoid using the affected kernel versions in production environments until the update is applied.