CVE-2024-50236

CVE Details

Release Date:

2024-11-09

Description

In the Linux kernel, the following vulnerability has been resolved:\nwifi: ath10k: Fix memory leak in management tx\nIn the current logic, memory is allocated for storing the MSDU context\nduring management packet TX but this memory is not being freed during\nmanagement TX completion. Similar leaks are seen in the management TX\ncleanup logic.\nKmemleak reports this problem as below,\nunreferenced object 0xffffff80b64ed250 (size 16):\ncomm 'kworker/u16:7', pid 148, jiffies 4294687130 (age 714.199s)\nhex dump (first 16 bytes):\n00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00 .+.......t......\nbacktrace:\n[] __kmem_cache_alloc_node+0x1e4/0x2d8\n[] kmalloc_trace+0x48/0x110\n[] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]\n[] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]\n[] process_scheduled_works+0x1ac/0x400\n[] worker_thread+0x208/0x328\n[] kthread+0x100/0x1c0\n[] ret_from_fork+0x10/0x20\nFree the memory during completion and cleanup to fix the leak.\nProtect the mgmt_pending_tx idr_remove() operation in\nath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar->data_lock similar to\nother instances.\nTested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1

See more information about CVE-2024-50236 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	5.5
Vector String:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version:	3.1
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	Low
User Interaction:	None
Scope:	Unchanged
Confidentiality:	None
Integrity:	None
Availability:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12884	2024-12-16
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12884	2024-12-16