In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: use work queue to process beacon tx event
Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template") from Feb 28, 2024 (linux-next), leads to the following Smatch static checker warning:
drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie() warn: sleeping in atomic context
The reason is that ath11k_bcn_tx_status_event() directly calls ath11k_wmi_cmd_send(), a function that might sleep, during RCU read-side critical sections. The call trace is:
ath11k_bcn_tx_status_event() -> rcu_read_lock() -> ath11k_mac_bcn_tx_event() -> ath11k_mac_setup_bcn_tmpl() …… -> ath11k_wmi_bcn_tmpl() -> ath11k_wmi_cmd_send() -> rcu_read_unlock()
Commit 886433a98425 ("ath11k: add support for BSS color change") added ath11k_mac_bcn_tx_event(); commit 01e782c89108 ("ath11k: fix warning of RCU usage for ath11k_mac_get_arvif_by_vdev_id()") added the RCU lock to avoid the warning but also introduced this BUG.
Use a work queue to avoid calling ath11k_mac_bcn_tx_event() directly during RCU critical sections. There is no need to worry about deletion of the vif, because cancel_work_sync() will drop the work if it has not started, or block vif deletion until the running work is done.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPLV1V2SILICONZLITE-3.6510.30
[ { "signature_type": "Line", "id": "CVE-2024-47724-0555a69e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6db232905e094e64abff1f18249905d068285e09", "signature_version": "v1", "target": { "file": "drivers/net/wireless/ath/ath11k/core.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "238518174529881808706938940402311905137", "27127118023867451412584034396939415447", "280426739617210406598244912185790144040", "259885139206599831158204510500081065964" ] }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-47724-1a2b7a6d", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6db232905e094e64abff1f18249905d068285e09", "signature_version": "v1", "target": { "function": "ath11k_mac_op_add_interface", "file": "drivers/net/wireless/ath/ath11k/mac.c" }, "digest": { "function_hash": "227379363803885392479879739651965715672", "length": 6993.0 }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-47724-3115c155", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6db232905e094e64abff1f18249905d068285e09", "signature_version": "v1", "target": { "file": "drivers/net/wireless/ath/ath11k/wmi.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "254384963623518230635706153047805842030", "244794986934739048063635326134171371482", "328079222305288272802569859270111257708", "311340441389726355705158886296223796007" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-47724-394cb515", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@177b49dbf9c1d8f9f25a22ffafa416fc2c8aa6a3", "signature_version": "v1", "target": { "file": "drivers/net/wireless/ath/ath11k/core.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "238518174529881808706938940402311905137", "27127118023867451412584034396939415447", "280426739617210406598244912185790144040", "259885139206599831158204510500081065964" ] }, "deprecated": false }, { 
"signature_type": "Line", "id": "CVE-2024-47724-3c708cc9", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@177b49dbf9c1d8f9f25a22ffafa416fc2c8aa6a3", "signature_version": "v1", "target": { "file": "drivers/net/wireless/ath/ath11k/mac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "180759864338477321852553974849584074459", "19246043171420066408829336782439481346", "167209254248876520944994156093385262271", "320156480474593185600277059434804283201", "247502321353597245349867077925208008220", "295338996192000637336880259221090223117", "147575686731092861560034715781026262831", "56211142863561081194014132362929990788", "123922558679745784098646885248737812579", "35331925647306817749746376459035634295", "267438539952654494107466174428683643573" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-47724-60410214", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@177b49dbf9c1d8f9f25a22ffafa416fc2c8aa6a3", "signature_version": "v1", "target": { "file": "drivers/net/wireless/ath/ath11k/wmi.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "254384963623518230635706153047805842030", "244794986934739048063635326134171371482", "328079222305288272802569859270111257708", "311340441389726355705158886296223796007" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-47724-622561db", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dbd51da69dda1137723b8f66460bf99a9dac8dd2", "signature_version": "v1", "target": { "file": "drivers/net/wireless/ath/ath11k/mac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "180759864338477321852553974849584074459", "19246043171420066408829336782439481346", "167209254248876520944994156093385262271", "320156480474593185600277059434804283201", "247502321353597245349867077925208008220", "295338996192000637336880259221090223117", "147575686731092861560034715781026262831", "56211142863561081194014132362929990788", 
"123922558679745784098646885248737812579", "35331925647306817749746376459035634295", "267438539952654494107466174428683643573" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-47724-6741654b", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dbd51da69dda1137723b8f66460bf99a9dac8dd2", "signature_version": "v1", "target": { "file": "drivers/net/wireless/ath/ath11k/wmi.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "254384963623518230635706153047805842030", "244794986934739048063635326134171371482", "328079222305288272802569859270111257708", "311340441389726355705158886296223796007" ] }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-47724-6a00bcb1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dbd51da69dda1137723b8f66460bf99a9dac8dd2", "signature_version": "v1", "target": { "function": "ath11k_mac_op_remove_interface", "file": "drivers/net/wireless/ath/ath11k/mac.c" }, "digest": { "function_hash": "276494000819661131006425524796248953132", "length": 1889.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-47724-6d5955ce", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6db232905e094e64abff1f18249905d068285e09", "signature_version": "v1", "target": { "function": "ath11k_bcn_tx_status_event", "file": "drivers/net/wireless/ath/ath11k/wmi.c" }, "digest": { "function_hash": "238519321956852121564988965560724840925", "length": 476.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-47724-83dd526f", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dbd51da69dda1137723b8f66460bf99a9dac8dd2", "signature_version": "v1", "target": { "function": "ath11k_bcn_tx_status_event", "file": "drivers/net/wireless/ath/ath11k/wmi.c" }, "digest": { "function_hash": "238519321956852121564988965560724840925", "length": 476.0 }, "deprecated": false }, { "signature_type": "Line", "id": 
"CVE-2024-47724-93da6885", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dbd51da69dda1137723b8f66460bf99a9dac8dd2", "signature_version": "v1", "target": { "file": "drivers/net/wireless/ath/ath11k/core.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "238518174529881808706938940402311905137", "27127118023867451412584034396939415447", "280426739617210406598244912185790144040", "259885139206599831158204510500081065964" ] }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-47724-95455378", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@177b49dbf9c1d8f9f25a22ffafa416fc2c8aa6a3", "signature_version": "v1", "target": { "function": "ath11k_mac_op_add_interface", "file": "drivers/net/wireless/ath/ath11k/mac.c" }, "digest": { "function_hash": "227379363803885392479879739651965715672", "length": 6993.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-47724-9f22ace3", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@177b49dbf9c1d8f9f25a22ffafa416fc2c8aa6a3", "signature_version": "v1", "target": { "function": "ath11k_mac_op_remove_interface", "file": "drivers/net/wireless/ath/ath11k/mac.c" }, "digest": { "function_hash": "276494000819661131006425524796248953132", "length": 1889.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-47724-a2df4bc4", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dbd51da69dda1137723b8f66460bf99a9dac8dd2", "signature_version": "v1", "target": { "function": "ath11k_mac_op_add_interface", "file": "drivers/net/wireless/ath/ath11k/mac.c" }, "digest": { "function_hash": "227379363803885392479879739651965715672", "length": 6993.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-47724-b00de577", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@177b49dbf9c1d8f9f25a22ffafa416fc2c8aa6a3", "signature_version": "v1", 
"target": { "function": "ath11k_bcn_tx_status_event", "file": "drivers/net/wireless/ath/ath11k/wmi.c" }, "digest": { "function_hash": "238519321956852121564988965560724840925", "length": 476.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-47724-b66f8197", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6db232905e094e64abff1f18249905d068285e09", "signature_version": "v1", "target": { "function": "ath11k_mac_op_remove_interface", "file": "drivers/net/wireless/ath/ath11k/mac.c" }, "digest": { "function_hash": "276494000819661131006425524796248953132", "length": 1889.0 }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-47724-f294a1aa", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6db232905e094e64abff1f18249905d068285e09", "signature_version": "v1", "target": { "file": "drivers/net/wireless/ath/ath11k/mac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "180759864338477321852553974849584074459", "19246043171420066408829336782439481346", "167209254248876520944994156093385262271", "320156480474593185600277059434804283201", "247502321353597245349867077925208008220", "295338996192000637336880259221090223117", "147575686731092861560034715781026262831", "56211142863561081194014132362929990788", "123922558679745784098646885248737812579", "35331925647306817749746376459035634295", "267438539952654494107466174428683643573" ] }, "deprecated": false } ]