CVE-2024-46827
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/09/2024
Last modified:
20/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix firmware crash due to invalid peer nss

Currently, if the access point receives an association
request containing an Extended HE Capabilities Information
Element with an invalid MCS-NSS, it triggers a firmware
crash.

This issue arises when the EHT-PHY capabilities show support
for a bandwidth and the MCS-NSS set for that particular
bandwidth is filled with zeros; because of this, the driver
obtains peer_nss as 0, and sending this value to the firmware
causes a crash.

Address this issue by implementing a validation step for
the peer_nss value before passing it to the firmware. If
the value is greater than zero, proceed with forwarding
it to the firmware. However, if the value is invalid,
reject the association request to prevent potential
firmware crashes.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1
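
The validation step described above, modelled as an added example (it is not the ath12k driver's code and is not part of the original record). The set layout, the max-of-Rx-nibbles derivation and the names `eht_mcs_nss_set`, `derive_peer_nss` and `check_assoc_nss` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one per-bandwidth EHT MCS-NSS set (assumed layout):
 * one byte per MCS range, low nibble = Rx max NSS, high nibble = Tx max NSS. */
struct eht_mcs_nss_set {
    uint8_t mcs0_9;
    uint8_t mcs10_11;
    uint8_t mcs12_13;
};

#define RX_NSS(b) ((uint8_t)((b) & 0x0f))

/* Highest Rx NSS advertised across the MCS ranges; 0 when the set is all zeros. */
static uint8_t derive_peer_nss(const struct eht_mcs_nss_set *s)
{
    uint8_t nss = RX_NSS(s->mcs0_9);

    if (RX_NSS(s->mcs10_11) > nss)
        nss = RX_NSS(s->mcs10_11);
    if (RX_NSS(s->mcs12_13) > nss)
        nss = RX_NSS(s->mcs12_13);
    return nss;
}

/* Hypothetical association check: pass peer_nss on only when it is > 0,
 * otherwise reject the request instead of sending 0 to the firmware. */
static int check_assoc_nss(const struct eht_mcs_nss_set *s, uint8_t *peer_nss)
{
    uint8_t nss = derive_peer_nss(s);

    if (nss == 0)
        return -EINVAL;   /* bandwidth advertised, MCS-NSS set empty */
    *peer_nss = nss;      /* written only for a valid value */
    return 0;
}

int main(void)
{
    /* Constructed inputs, not captured frames. */
    struct eht_mcs_nss_set good = { 0x22, 0x22, 0x11 };
    struct eht_mcs_nss_set zero = { 0x00, 0x00, 0x00 };
    uint8_t nss = 0;
    int rc = check_assoc_nss(&good, &nss);

    printf("good set: rc=%d peer_nss=%u\n", rc, (unsigned)nss);
    rc = check_assoc_nss(&zero, &nss);
    printf("zero set: rc=%d (association rejected)\n", rc);
    return 0;
}
```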
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.51 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.10 (including) | 6.10.10 (excluding) |



