CVE-2024-47715

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58

Description A vulnerability in the Linux kernel has been resolved, specifically in the wifi: mt76: mt7915 module. The issue occurred when mt7915 band config() set band idx = 1 on the main phy for mt7986 devices with MT7975 ONE ADIE or MT7976 ONE ADIE. This caused a dereference of the phys array indirectly indexed by band idx via wcid->phy idx in mt76 wcid cleanup(), leading to an Oops on affected mt7986 devices. The vulnerability was introduced by a commit that fixed a race condition related to checking tx queue fill status. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider disabling the mt76 wcid cleanup() function until a patch is available. Restrict access to the vulnerable module mt7915e to minimize the risk of exploitation. Avoid using the band idx variable in the affected API endpoint until the issue is resolved. At the moment, there is no other information about additional mitigation measures.