CVE-2024-53188

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-53188

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53188.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-53188

Downstream

BELL-CVE-2024-53188

DEBIAN-CVE-2024-53188

OESA-2025-1594

OESA-2025-1595

SUSE-SU-2025:0117-1

SUSE-SU-2025:0153-1

SUSE-SU-2025:0154-1

SUSE-SU-2025:0289-1

UBUNTU-CVE-2024-53188

USN-7310-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

Related

Published

2024-12-27T14:15:26Z

Modified

2025-08-09T20:01:27Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix crash when unbinding

If there is an error during some initialization related to firmware, the function ath12kdpcccleanup is called to release resources. However this is released again when the device is unbinded (ath12kpci), and we get: BUG: kernel NULL pointer dereference, address: 0000000000000020 at RIP: 0010:ath12kdpcccleanup.part.0+0xb6/0x500 [ath12k] Call Trace: ath12kdpcccleanup ath12kdpfree ath12kcoredeinit ath12kpciremove ...

The issue is always reproducible from a VM because the MSI addressing initialization is failing.

In order to fix the issue, just set to NULL the released structure in ath12kdpcc_cleanup at the end.

References

Affected packages