CVE-2024-58097
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-58097
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-58097.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-58097
- Downstream
- Related
- Published
- 2025-04-16T14:11:45Z
- Modified
- 2025-10-17T20:22:40.612635Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- wifi: ath11k: fix RCU stall while reaping monitor destination ring
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix RCU stall while reaping monitor destination ring
While processing the monitor destination ring, MSDUs are reaped from the link descriptor based on the corresponding buf_id.
However, sometimes the driver cannot obtain a valid buffer corresponding to the buf_id received from the hardware. This causes an infinite loop in the destination processing, resulting in a kernel crash.
kernel log: ath11kpci 0000:58:00.0: data msdupop: invalid bufid 309 ath11kpci 0000:58:00.0: data dprxmonitorlinkdescreturn failed ath11kpci 0000:58:00.0: data msdupop: invalid bufid 309 ath11kpci 0000:58:00.0: data dprxmonitorlinkdescreturn failed
Fix this by skipping the problematic buf_id and reaping the next entry, replacing the break with the next MSDU processing.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPLV1V2SILICONZLITE-3.6510.30 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd5c65159f2895379e11ca13f62feabe93278985dFixedb4991fc41745645f8050506f5a8578bd11e6b378
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd5c65159f2895379e11ca13f62feabe93278985dFixed16c6c35c03ea73054a1f6d3302a4ce4a331b427d
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.4
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"338347643670485404951263423265755868063",
"57092735674589421168829791548002401316",
"78395540773497726292822589191704359229",
"87211786233703584551663925593705366000",
"117499088993968732157560843050439564595",
"330126150945099397866403729730374926942",
"41192998696280713506397458009539337520",
"62370136805078392447754040692546374131"
]
},
"id": "CVE-2024-58097-4e5cbf80",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@16c6c35c03ea73054a1f6d3302a4ce4a331b427d",
"target": {
"file": "drivers/net/wireless/ath/ath11k/dp_rx.c"
},
"deprecated": false
},
{
"digest": {
"function_hash": "301109917846385998645302534472030239762",
"length": 3053.0
},
"id": "CVE-2024-58097-83c8a015",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b4991fc41745645f8050506f5a8578bd11e6b378",
"target": {
"file": "drivers/net/wireless/ath/ath11k/dp_rx.c",
"function": "ath11k_dp_rx_full_mon_mpdu_pop"
},
"deprecated": false
},
{
"digest": {
"function_hash": "22761294995384771752437631242211740459",
"length": 3935.0
},
"id": "CVE-2024-58097-a762c612",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b4991fc41745645f8050506f5a8578bd11e6b378",
"target": {
"file": "drivers/net/wireless/ath/ath11k/dp_rx.c",
"function": "ath11k_dp_rx_mon_mpdu_pop"
},
"deprecated": false
},
{
"digest": {
"function_hash": "301109917846385998645302534472030239762",
"length": 3053.0
},
"id": "CVE-2024-58097-ceca8639",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@16c6c35c03ea73054a1f6d3302a4ce4a331b427d",
"target": {
"file": "drivers/net/wireless/ath/ath11k/dp_rx.c",
"function": "ath11k_dp_rx_full_mon_mpdu_pop"
},
"deprecated": false
},
{
"digest": {
"function_hash": "22761294995384771752437631242211740459",
"length": 3935.0
},
"id": "CVE-2024-58097-ed7051a5",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@16c6c35c03ea73054a1f6d3302a4ce4a331b427d",
"target": {
"file": "drivers/net/wireless/ath/ath11k/dp_rx.c",
"function": "ath11k_dp_rx_mon_mpdu_pop"
},
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"338347643670485404951263423265755868063",
"57092735674589421168829791548002401316",
"78395540773497726292822589191704359229",
"87211786233703584551663925593705366000",
"117499088993968732157560843050439564595",
"330126150945099397866403729730374926942",
"41192998696280713506397458009539337520",
"62370136805078392447754040692546374131"
]
},
"id": "CVE-2024-58097-f2dc6550",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b4991fc41745645f8050506f5a8578bd11e6b378",
"target": {
"file": "drivers/net/wireless/ath/ath11k/dp_rx.c"
},
"deprecated": false
}
]