PT-2024-33773 · Linux+4 · Linux Kernel+4

Kalle Valo

+1

·

Published

2024-07-10

·

Updated

2026-05-26

·

CVE-2024-49931

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58
Description: The issue is related to an array out-of-bounds access in the SoC stats of the ath12k wifi driver. The ath12k soc dp stats::hal reo error array is defined with a maximum size of DP REO DST RING MAX. However, the ath12k dp rx process() function accesses this array using the REO destination SRNG ring ID, which is incorrect. This leads to out-of-bounds array access. The fix involves modifying the ath12k dp rx process() function to use the normal ring ID directly instead of the SRNG ring ID.
Recommendations: To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider modifying the ath12k dp rx process() function to use the normal ring ID directly instead of the SRNG ring ID to avoid out-of-bounds array access. Restrict access to the vulnerable ath12k soc dp stats::hal reo error array to minimize the risk of exploitation.

Exploit

Fix

Improper Validation of Array Index

Weakness Enumeration

CWE-129

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14046
BDU:2025-06994
CVE-2024-49931
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2367
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1
USN-7468-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu