PT-2024-33772 · Linux+8 · Linux Kernel+8
Karthikeyan Periyasamy
·
Published
2024-07-10
·
Updated
2025-09-29
·
CVE-2024-49930
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
The issue is related to an array out-of-bounds access in the SoC stats of the wifi: ath11k module. The
ath11k soc dp stats::hal reo error array is defined with a maximum size of DP REO DST RING MAX. However, the ath11k dp process rx() function accesses this array using the REO destination SRNG ring ID, which is incorrect. This leads to out-of-bounds array access. The fix involves modifying the ath11k dp process rx() function to use the normal ring ID directly instead of the SRNG ring ID.Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider modifying the
ath11k dp process rx() function to use the normal ring ID directly instead of the SRNG ring ID to avoid out-of-bounds array access.Exploit
Fix
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu