CVE-2024-58097
wifi: ath11k: fix RCU stall while reaping monitor destination ring
Published:
4/16/2025
Last updated:
10/1/2025
Reserved:
3/6/2025
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix RCU stall while reaping monitor destination ring
While processing the monitor destination ring, MSDUs are reaped from the
link descriptor based on the corresponding buf_id.
However, sometimes the driver cannot obtain a valid buffer corresponding
to the buf_id received from the hardware. This causes an infinite loop
in the destination processing, resulting in a kernel crash.
kernel log:
ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309
ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed
ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309
ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed
Fix this by skipping the problematic buf_id and reaping the next entry,
replacing the break with the next MSDU processing.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30
Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
CNA assigner:
Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
Requested by:
n/a
Products affected (3)
| Product |
Vendor |
Version |
| Linux |
Linux
|
samba 4.18.1, samba 4.17.7, samba 4.16.10
|
| Linux |
Linux
|
n/a
|
| Linux |
Linux
|
12.0.2
|