PT-2025-8779 · Linux+1 · Linux Kernel+1
Alexis Lothoré · Published 2025-01-10 · Updated 2025-10-23 · CVE-2024-57992

| CVSS v3.1 | 5.5 Medium |
| --- | --- |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the version containing the fix for the issue described
Description
A specific error path in probe functions in wilc drivers can lead to a kernel panic. This issue is due to a recent change decoupling wiphy allocation from wiphy registration, but the wilc_netdev_cleanup function has not been updated accordingly, allowing it to possibly call wiphy_unregister on a wiphy that has never been registered. The issue can be reproduced by not wiring a wilc device correctly through SPI, making it unresponsive to early SPI commands.
Recommendations
To resolve the issue, move wiphy_unregister and wiphy_free out of wilc_netdev_cleanup, and adjust error paths in both drivers. As a temporary workaround, consider disabling the wilc_netdev_cleanup function until a patch is available. Restrict access to the vulnerable wilc1000 module to minimize the risk of exploitation. Avoid using the wilc1000 driver with SPI devices that are not properly wired until the issue is resolved.
Exploit
Fix
Improper Resource Release
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
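
The error path from the Description, modelled in user-space C to show why a shared cleanup helper that always unregisters is unsafe once allocation and registration are separate steps. This is an added example, not code from the kernel or from this advisory; every name in it (model_wiphy, cleanup_before_fix, lifecycle_before_fix, lifecycle_after_fix, invalid_unregisters) is a hypothetical stand-in, and a counter takes the place of the kernel panic.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; all names are hypothetical stand-ins, not kernel code. */
struct model_wiphy { bool registered; };
static int bad_unregisters; /* unregister calls on a never-registered wiphy */
static void model_unregister(struct model_wiphy *w)
{
    if (!w->registered) { bad_unregisters++; return; } /* case the advisory describes */
    w->registered = false;
}

/* Pre-fix shape: the shared cleanup helper always unregisters, then frees. */
static void cleanup_before_fix(struct model_wiphy *w) { model_unregister(w); free(w); }
int lifecycle_before_fix(bool bus_responds)
{
    struct model_wiphy *w = calloc(1, sizeof(*w)); /* allocation step */
    if (!w) return -1;
    if (!bus_responds) { cleanup_before_fix(w); return -1; } /* not registered yet */
    w->registered = true;  /* registration step, reached only if the bus answers */
    cleanup_before_fix(w); /* device removal */
    return 0;
}

/* Post-fix shape: each exit undoes only the steps that already succeeded. */
int lifecycle_after_fix(bool bus_responds)
{
    struct model_wiphy *w = calloc(1, sizeof(*w));
    if (!w) return -1;
    if (!bus_responds) { free(w); return -1; } /* error path: free, never unregister */
    w->registered = true;
    model_unregister(w);   /* removal: registered, so unregister is valid */
    free(w);
    return 0;
}

int invalid_unregisters(int (*lifecycle)(bool))
{
    bad_unregisters = 0;
    (void)lifecycle(false); /* device never answers on the bus */
    return bad_unregisters;
}

int main(void)
{
    int before = invalid_unregisters(lifecycle_before_fix);
    printf("before fix: %d, after fix: %d\n", before, invalid_unregisters(lifecycle_after_fix));
    return 0;
}
```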