CVE-2024-49939

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A vulnerability in the Linux kernel has been resolved, related to the wifi driver rtw89. The issue occurs when SER L2 happens during the WoWLAN resume flow, causing the add interface flow to be executed twice, resulting in a double add list and a kernel panic. The vulnerability is fixed by adding a check to prevent double adding of the list. The ieee80211 reconfig() function and rtw89 wow resume() return failure are involved in the issue.

Recommendations: To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider disabling the wifi driver rtw89 until a patch is available. Restrict access to the vulnerable ieee80211 reconfig() function to minimize the risk of exploitation. Avoid using the rtw89 wow resume() function in the affected API endpoint until the issue is resolved.