CVE-2024-49931
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-49931
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49931.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-49931
- Downstream
- Related
- Published
- 2024-10-21T18:01:53Z
- Modified
- 2025-10-17T14:24:51.116745Z
- Summary
- wifi: ath12k: fix array out-of-bound access in SoC stats
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix array out-of-bound access in SoC stats
Currently, the ath12ksocdpstats::halreoerror array is defined with a maximum size of DPREODSTRINGMAX. However, the ath12kdprxprocess() function access ath12ksocdpstats::halreoerror using the REO destination SRNG ring ID, which is incorrect. SRNG ring ID differ from normal ring ID, and this usage leads to out-of-bounds array access. To fix this issue, modify ath12kdprxprocess() to use the normal ring ID directly instead of the SRNG ring ID to avoid out-of-bounds array access.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/a4aef827a41cdaf6201bbaf773c1eae4e20e967b
- https://git.kernel.org/stable/c/ad791e3ec60cb66c1e4dc121ffbf872df312427d
- https://git.kernel.org/stable/c/d0e4274d9dc9f8409d56d622cd3ecf7b6fd49e2f
- https://git.kernel.org/stable/c/e106b7ad13c1d246adaa57df73edb8f8b8acb240
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixedd0e4274d9dc9f8409d56d622cd3ecf7b6fd49e2f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixeda4aef827a41cdaf6201bbaf773c1eae4e20e967b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixedad791e3ec60cb66c1e4dc121ffbf872df312427d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixede106b7ad13c1d246adaa57df73edb8f8b8acb240
Affected versions
v6.*
v6.1
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.10
v6.10.11
v6.10.12
v6.10.13
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"id": "CVE-2024-49931-1c3b4418",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ad791e3ec60cb66c1e4dc121ffbf872df312427d",
"signature_version": "v1",
"target": {
"function": "ath12k_dp_rx_process",
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"digest": {
"function_hash": "161085467746273223275702615600082900727",
"length": 2596.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2024-49931-4c21ff0f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ad791e3ec60cb66c1e4dc121ffbf872df312427d",
"signature_version": "v1",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"326387305052383178326936041729458556030",
"154052436673159362757616573624586264042",
"70754909493169619303423059166754925174",
"212542225967071229293622050762907252330"
]
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2024-49931-594f4522",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e106b7ad13c1d246adaa57df73edb8f8b8acb240",
"signature_version": "v1",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"326387305052383178326936041729458556030",
"154052436673159362757616573624586264042",
"70754909493169619303423059166754925174",
"212542225967071229293622050762907252330"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2024-49931-9211c2da",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d0e4274d9dc9f8409d56d622cd3ecf7b6fd49e2f",
"signature_version": "v1",
"target": {
"function": "ath12k_dp_rx_process",
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"digest": {
"function_hash": "73053199807916834226387921728712779075",
"length": 2647.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2024-49931-9ced9e77",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a4aef827a41cdaf6201bbaf773c1eae4e20e967b",
"signature_version": "v1",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"326387305052383178326936041729458556030",
"154052436673159362757616573624586264042",
"70754909493169619303423059166754925174",
"212542225967071229293622050762907252330"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2024-49931-acc7a7a2",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a4aef827a41cdaf6201bbaf773c1eae4e20e967b",
"signature_version": "v1",
"target": {
"function": "ath12k_dp_rx_process",
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"digest": {
"function_hash": "271352097029217995206018286611314593563",
"length": 2576.0
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2024-49931-af29fd91",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e106b7ad13c1d246adaa57df73edb8f8b8acb240",
"signature_version": "v1",
"target": {
"function": "ath12k_dp_rx_process",
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"digest": {
"function_hash": "161085467746273223275702615600082900727",
"length": 2596.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2024-49931-f6e32b0e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d0e4274d9dc9f8409d56d622cd3ecf7b6fd49e2f",
"signature_version": "v1",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"326387305052383178326936041729458556030",
"154052436673159362757616573624586264042",
"70754909493169619303423059166754925174",
"52603151664947142230941995469204165931"
]
},
"deprecated": false
}
]