CVE-2024-56543
Vulnerability from cvelistv5
Published
2024-12-27 14:11
Modified
2024-12-27 14:11
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Skip Rx TID cleanup for self peer During peer create, dp setup for the peer is done where Rx TID is updated for all the TIDs. Peer object for self peer will not go through dp setup. When core halts, dp cleanup is done for all the peers. While cleanup, rx_tid::ab is accessed which causes below stack trace for self peer. WARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851 Call Trace: __warn+0x7b/0x1a0 ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] report_bug+0x10b/0x200 handle_bug+0x3f/0x70 exc_invalid_op+0x13/0x60 asm_exc_invalid_op+0x16/0x20 ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] ath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k] ath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k] ath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k] ath12k_core_halt+0x3b/0x100 [ath12k] ath12k_core_reset+0x494/0x4c0 [ath12k] sta object in peer will be updated when remote peer is created. Hence use peer::sta to detect the self peer and skip the cleanup. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1a0c640ce1cdcde3eb131a0c1e70ca1ed7cf27cb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a052483d495a4dc62c814f2fd17d0ceb308fc6a6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a1e2d6738b29c74c2024eb23167dfff68aadd984
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d73da0dd2853887b7aab71f0d572fd3314dafafe
Impacted products
Vendor Product Version
Linux Linux Version: 6.3
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d73da0dd2853887b7aab71f0d572fd3314dafafe",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            },
            {
              "lessThan": "a1e2d6738b29c74c2024eb23167dfff68aadd984",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            },
            {
              "lessThan": "a052483d495a4dc62c814f2fd17d0ceb308fc6a6",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            },
            {
              "lessThan": "1a0c640ce1cdcde3eb131a0c1e70ca1ed7cf27cb",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Skip Rx TID cleanup for self peer\n\nDuring peer create, dp setup for the peer is done where Rx TID is\nupdated for all the TIDs. Peer object for self peer will not go through\ndp setup.\n\nWhen core halts, dp cleanup is done for all the peers. While cleanup,\nrx_tid::ab is accessed which causes below stack trace for self peer.\n\nWARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851\nCall Trace:\n__warn+0x7b/0x1a0\nath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]\nreport_bug+0x10b/0x200\nhandle_bug+0x3f/0x70\nexc_invalid_op+0x13/0x60\nasm_exc_invalid_op+0x16/0x20\nath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]\nath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k]\nath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k]\nath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k]\nath12k_core_halt+0x3b/0x100 [ath12k]\nath12k_core_reset+0x494/0x4c0 [ath12k]\n\nsta object in peer will be updated when remote peer is created. Hence\nuse peer::sta to detect the self peer and skip the cleanup.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-27T14:11:24.971Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d73da0dd2853887b7aab71f0d572fd3314dafafe"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1e2d6738b29c74c2024eb23167dfff68aadd984"
        },
        {
          "url": "https://git.kernel.org/stable/c/a052483d495a4dc62c814f2fd17d0ceb308fc6a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a0c640ce1cdcde3eb131a0c1e70ca1ed7cf27cb"
        }
      ],
      "title": "wifi: ath12k: Skip Rx TID cleanup for self peer",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56543",
    "datePublished": "2024-12-27T14:11:24.971Z",
    "dateReserved": "2024-12-27T14:03:05.988Z",
    "dateUpdated": "2024-12-27T14:11:24.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56543\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-27T14:15:34.020\",\"lastModified\":\"2024-12-27T14:15:34.020\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: ath12k: Skip Rx TID cleanup for self peer\\n\\nDuring peer create, dp setup for the peer is done where Rx TID is\\nupdated for all the TIDs. Peer object for self peer will not go through\\ndp setup.\\n\\nWhen core halts, dp cleanup is done for all the peers. While cleanup,\\nrx_tid::ab is accessed which causes below stack trace for self peer.\\n\\nWARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851\\nCall Trace:\\n__warn+0x7b/0x1a0\\nath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]\\nreport_bug+0x10b/0x200\\nhandle_bug+0x3f/0x70\\nexc_invalid_op+0x13/0x60\\nasm_exc_invalid_op+0x16/0x20\\nath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]\\nath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k]\\nath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k]\\nath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k]\\nath12k_core_halt+0x3b/0x100 [ath12k]\\nath12k_core_reset+0x494/0x4c0 [ath12k]\\n\\nsta object in peer will be updated when remote peer is created. Hence\\nuse peer::sta to detect the self peer and skip the cleanup.\\n\\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1\\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1a0c640ce1cdcde3eb131a0c1e70ca1ed7cf27cb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a052483d495a4dc62c814f2fd17d0ceb308fc6a6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a1e2d6738b29c74c2024eb23167dfff68aadd984\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d73da0dd2853887b7aab71f0d572fd3314dafafe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.