CVE-2024-50236
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/11/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath10k: Fix memory leak in management tx

In the current logic, memory is allocated for storing the MSDU context
during management packet TX but this memory is not being freed during
management TX completion. Similar leaks are seen in the management TX
cleanup logic.

Kmemleak reports this problem as below,

unreferenced object 0xffffff80b64ed250 (size 16):
comm "kworker/u16:7", pid 148, jiffies 4294687130 (age 714.199s)
hex dump (first 16 bytes):
00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00 .+.......t......
backtrace:
[] __kmem_cache_alloc_node+0x1e4/0x2d8
[] kmalloc_trace+0x48/0x110
[] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]
[] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]
[] process_scheduled_works+0x1ac/0x400
[] worker_thread+0x208/0x328
[] kthread+0x100/0x1c0
[] ret_from_fork+0x10/0x20

Free the memory during completion and cleanup to fix the leak.

Protect the mgmt_pending_tx idr_remove() operation in
ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar->data_lock similar to
other instances.

Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1
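
To check a kmemleak report for the leak signature quoted in the description, the following added example (not part of the advisory or the kernel patch) parses the report and counts the unreferenced objects whose backtrace passes through `ath10k_wmi_tlv_op_gen_mgmt_tx_send`. The function names `parse_kmemleak` and `summarize_leaks` and the sample report are constructed for illustration.

```python
import re

# Allocation site named in the advisory's kmemleak backtrace.
LEAK_SITE = "ath10k_wmi_tlv_op_gen_mgmt_tx_send"

OBJ_RE = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
# Frames look like "[<addr>] func+0xOFF/0xLEN [module]"; the address may be
# hashed or, as in the advisory text, stripped down to "[]".
FRAME_RE = re.compile(r"\[(?:<[^>]*>)?\]\s+([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")


def parse_kmemleak(text):
    """Split a kmemleak report into one record per unreferenced object."""
    objects = []
    for line in text.splitlines():
        line = line.strip()
        obj = OBJ_RE.match(line)
        if obj:
            objects.append({"addr": obj.group(1), "size": int(obj.group(2)), "frames": []})
        elif objects and (frame := FRAME_RE.match(line)):
            objects[-1]["frames"].append(frame.group(1))
    return objects


def summarize_leaks(text, site=LEAK_SITE):
    """Count leaked objects and bytes whose backtrace passes through `site`."""
    hits = [o for o in parse_kmemleak(text) if site in o["frames"]]
    return {"objects": len(hits), "bytes": sum(o["size"] for o in hits)}


# Constructed sample: the first record follows the advisory's report, the second
# repeats it at a made-up address, the third is an unrelated made-up leak.
SAMPLE = """\
unreferenced object 0xffffff80b64ed250 (size 16):
  comm "kworker/u16:7", pid 148, jiffies 4294687130 (age 714.199s)
  backtrace:
    [] __kmem_cache_alloc_node+0x1e4/0x2d8
    [] kmalloc_trace+0x48/0x110
    [] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]
    [] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]
unreferenced object 0xffffff80b64ed300 (size 16):
  backtrace:
    [<00000000deadbeef>] kmalloc_trace+0x48/0x110
    [<00000000deadbeef>] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]
unreferenced object 0xffffff80b64ed400 (size 64):
  backtrace:
    [<00000000deadbeef>] example_unrelated_alloc+0x10/0x40
"""

if __name__ == "__main__":
    print(summarize_leaks(SAMPLE))
```

On a kernel built with `CONFIG_DEBUG_KMEMLEAK`, the report text is read from `/sys/kernel/debug/kmemleak`; a count that keeps growing while management frames are sent indicates the unpatched behaviour.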
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19 (including) | 4.19.323 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.285 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.229 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.171 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.116 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.60 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2f6f1e26ac6d2b38e2198a71f81f0ade14d6b07b
- https://git.kernel.org/stable/c/4112450da7d67b59ccedc2208bae622db17dbcb8
- https://git.kernel.org/stable/c/5f5a939759c79e7385946c85e62feca51a18d816
- https://git.kernel.org/stable/c/6cc23898e6ba47e976050d3c080b4d2c1add3748
- https://git.kernel.org/stable/c/6fc9af3df6ca7f3c94774d20f62dc7b49616026d
- https://git.kernel.org/stable/c/705be2dc45c7f852e211e16bc41a916fab741983
- https://git.kernel.org/stable/c/e15d84b3bba187aa372dff7c58ce1fd5cb48a076
- https://git.kernel.org/stable/c/eff818238bedb9c2484c251ec46f9f160911cdc0
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html



