AZL-55631

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55631.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-55631

Upstream

CVE-2024-53188

Published

2024-12-27T14:15:26Z

Modified

2026-04-01T05:18:40.503778Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-53188 affecting package kernel for versions less than 6.6.64.2-1

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix crash when unbinding

If there is an error during some initialization related to firmware, the function ath12kdpcccleanup is called to release resources. However this is released again when the device is unbinded (ath12kpci), and we get: BUG: kernel NULL pointer dereference, address: 0000000000000020 at RIP: 0010:ath12kdpcccleanup.part.0+0xb6/0x500 [ath12k] Call Trace: ath12kdpcccleanup ath12kdpfree ath12kcoredeinit ath12kpciremove ...

The issue is always reproducible from a VM because the MSI addressing initialization is failing.

In order to fix the issue, just set to NULL the released structure in ath12kdpcc_cleanup at the end.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-53188

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.64.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55631.json"