CVE-2024-49938

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the wifi: ath9k htc module, where the skb trim() function has a sanity check on the existing length of the skb, which can be uninitialized in some error paths. The intent is to reset the length to zero before resubmitting, so the code has been changed to call skb set length(skb, 0) directly. This change also removes a redundant call to skb reset tail pointer(). The vulnerability was reported by Syzbot and affects the ath9k hif usb reg in cb() and ath9k hif usb rx cb() functions.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the ath9k htc module until a patch is available. Restrict access to the vulnerable ath9k hif usb reg in cb() and ath9k hif usb rx cb() functions to minimize the risk of exploitation. Avoid using the skb trim() function in the affected code paths until the issue is resolved.