CVE-2024-57991

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()

During rtw89_entity_recalc_mgnt_roles(), there is a normalizing process which will re-order the list if an entry with target pattern is found. And once one is found, should have aborted the list_for_each_entry. But, break just aborted the inner for-loop. The outer list_for_each_entry still continues. Normally, only the first entry will match the target pattern, and the re-ordering will change nothing, so there won't be soft lockup. However, in some special cases, soft lockup would happen.

Fix it by goto fill to break from the list_for_each_entry.

The following is a sample of kernel log for this problem.

watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [wpa_supplicant:2055] […] RIP: 0010:rtw89_entity_recalc ([…] chan.c:392 chan.c:479) rtw89_core […]

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0007546cb406be0dddf3d43f07683825affc6d4d < 223ba95fdcd3c6090e2bd51dce66abb6dd4f9df9affected
LinuxLinux68ec751b288178de7d19b71ea61648269a35b8cd < 01d2d34e9fcc9897081c3c16a666f793c8a38c58affected
LinuxLinux68ec751b288178de7d19b71ea61648269a35b8cd < e4790b3e314a4814f1680a5dc552031fb199b878affected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.13.2 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References