CVE-2024-53191

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-53191

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53191.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-53191

Downstream

BELL-CVE-2024-53191

DEBIAN-CVE-2024-53191

OESA-2025-1078

OESA-2025-1079

SUSE-SU-2025:0117-1

SUSE-SU-2025:0153-1

SUSE-SU-2025:0154-1

SUSE-SU-2025:0289-1

UBUNTU-CVE-2024-53191

USN-7310-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

Related

Published

2024-12-27T14:15:26Z

Modified

2025-10-01T20:17:18Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix warning when unbinding

If there is an error during some initialization related to firmware, the buffers dp->txring[i].txstatus are released. However this is released again when the device is unbinded (ath12kpci), and we get: WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 freelargekmalloc+0x4d/0x80 Call Trace: freelargekmalloc ath12kdpfree ath12kcoredeinit ath12kpci_remove ...

The issue is always reproducible from a VM because the MSI addressing initialization is failing.

In order to fix the issue, just set the buffers to NULL after releasing in order to avoid the double free.

References

Affected packages