CVE-2024-50236

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath10k: Fix memory leak in management tx

In the current logic, memory is allocated for storing the MSDU context during management packet TX but this memory is not being freed during management TX completion. Similar leaks are seen in the management TX cleanup logic.

Kmemleak reports this problem as below,

unreferenced object 0xffffff80b64ed250 (size 16):
  comm "kworker/u16:7", pid 148, jiffies 4294687130 (age 714.199s)
  hex dump (first 16 bytes):
    00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00  .+.......t......
  backtrace:
    [<ffffffe6e7b245dc>] __kmem_cache_alloc_node+0x1e4/0x2d8
    [<ffffffe6e7adde88>] kmalloc_trace+0x48/0x110
    [<ffffffe6bbd765fc>] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]
    [<ffffffe6bbd3eed4>] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]
    [<ffffffe6e78d5974>] process_scheduled_works+0x1ac/0x400
    [<ffffffe6e78d60b8>] worker_thread+0x208/0x328
    [<ffffffe6e78dc890>] kthread+0x100/0x1c0
    [<ffffffe6e78166c0>] ret_from_fork+0x10/0x20

Free the memory during completion and cleanup to fix the leak.

Protect the mgmt_pending_tx idr_remove() operation in ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar->data_lock similar to other instances.

Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1

Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*

History

14 Nov 2024, 16:29

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 5.5
References | () https://git.kernel.org/stable/c/2f6f1e26ac6d2b38e2198a71f81f0ade14d6b07b - | () https://git.kernel.org/stable/c/2f6f1e26ac6d2b38e2198a71f81f0ade14d6b07b - Patch
References | () https://git.kernel.org/stable/c/4112450da7d67b59ccedc2208bae622db17dbcb8 - | () https://git.kernel.org/stable/c/4112450da7d67b59ccedc2208bae622db17dbcb8 - Patch
References | () https://git.kernel.org/stable/c/5f5a939759c79e7385946c85e62feca51a18d816 - | () https://git.kernel.org/stable/c/5f5a939759c79e7385946c85e62feca51a18d816 - Patch
References | () https://git.kernel.org/stable/c/6cc23898e6ba47e976050d3c080b4d2c1add3748 - | () https://git.kernel.org/stable/c/6cc23898e6ba47e976050d3c080b4d2c1add3748 - Patch
References | () https://git.kernel.org/stable/c/6fc9af3df6ca7f3c94774d20f62dc7b49616026d - | () https://git.kernel.org/stable/c/6fc9af3df6ca7f3c94774d20f62dc7b49616026d - Patch
References | () https://git.kernel.org/stable/c/705be2dc45c7f852e211e16bc41a916fab741983 - | () https://git.kernel.org/stable/c/705be2dc45c7f852e211e16bc41a916fab741983 - Patch
References | () https://git.kernel.org/stable/c/e15d84b3bba187aa372dff7c58ce1fd5cb48a076 - | () https://git.kernel.org/stable/c/e15d84b3bba187aa372dff7c58ce1fd5cb48a076 - Patch
References | () https://git.kernel.org/stable/c/eff818238bedb9c2484c251ec46f9f160911cdc0 - | () https://git.kernel.org/stable/c/eff818238bedb9c2484c251ec46f9f160911cdc0 - Patch
CWE | | CWE-401
First Time | | Linux linux Kernel
 | | Linux
CPE | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*

12 Nov 2024, 13:56

Type | Values Removed | Values Added
Summary | | (es) In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Fix memory leak in management tx. In the current logic, memory is allocated for storing the MSDU context during management packet TX, but this memory is not freed during management TX completion. Similar leaks are seen in the management TX cleanup logic. Kmemleak reports this problem as follows: unreferenced object 0xffffff80b64ed250 (size 16): comm "kworker/u16:7", pid 148, jiffies 4294687130 (age 714.199s) hex dump (first 16 bytes): 00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00 .+.......t...... backtrace: [] __kmem_cache_alloc_node+0x1e4/0x2d8 [] kmalloc_trace+0x48/0x110 [] Free the memory during completion and cleanup to fix the leak. Protect the mgmt_pending_tx idr_remove() operation in ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar->data_lock, similar to other instances. Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1

09 Nov 2024, 11:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-11-09 11:15

Updated : 2024-11-14 16:29


NVD link : CVE-2024-50236

Mitre link : CVE-2024-50236

CVE.ORG link : CVE-2024-50236


Products Affected

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime