CVE-2024-58096
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode
ath11k_hal_srng_* should be used with srng->lock to protect srng data.
For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(), they use ath11k_hal_srng_* for many times but never call srng->lock.
So when running (full) monitor mode, warning will occur: RIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k] Call Trace: ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k] ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k] ? idr_alloc_u32+0x97/0xd0 ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k] ath11k_dp_service_srng+0x289/0x5a0 [ath11k] ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k] __napi_poll+0x30/0x1f0 net_rx_action+0x198/0x320 __do_softirq+0xdd/0x319
So add srng->lock for them to avoid such warnings.
Inorder to fetch the srng->lock, should change srng's definition from 'void' to 'struct hal_srng'. And initialize them elsewhere to prevent one line of code from being too long. This is consistent with other ring process functions, such as ath11k_dp_process_rx().
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d5c65159f2895379e11ca13f62feabe93278985d < 27ca8004ba93a0665faa6d477eaeb551e03de6c8 | affected |
| Linux | Linux | d5c65159f2895379e11ca13f62feabe93278985d < 1d2178918efc928e11bed9631469ef79ff0a862a | affected |
| Linux | Linux | d5c65159f2895379e11ca13f62feabe93278985d < b85758e76b6452740fc2a08ced6759af64c0d59a | affected |
| Linux | Linux | d5c65159f2895379e11ca13f62feabe93278985d < 63b7af49496d0e32f7a748b6af3361ec138b1bd3 | affected |
| Linux | Linux | 5.6 | affected |
| Linux | Linux | 0 < 5.6 | unaffected |
| Linux | Linux | 6.6.123 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.69 <= 6.12.* | unaffected |
| Linux | Linux | 6.14.2 <= 6.14.* | unaffected |
| Linux | Linux | 6.15 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/27ca8004ba93a0665faa6d477eaeb551e03de6c8
- https://git.kernel.org/stable/c/1d2178918efc928e11bed9631469ef79ff0a862a
- https://git.kernel.org/stable/c/b85758e76b6452740fc2a08ced6759af64c0d59a
- https://git.kernel.org/stable/c/63b7af49496d0e32f7a748b6af3361ec138b1bd3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.