{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-49931", "ASSIGNER": "cve@kernel.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath12k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath12k_dp_rx_process()\nfunction access ath12k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To\nfix this issue, modify ath12k_dp_rx_process() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Linux", "product": { "product_data": [ { "product_name": "Linux", "version": { "version_data": [ { "version_affected": "<", "version_name": "d889913205cf", "version_value": "d0e4274d9dc9" }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "version": "6.3", "status": "affected" }, { "version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ], "defaultStatus": "affected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://git.kernel.org/stable/c/d0e4274d9dc9f8409d56d622cd3ecf7b6fd49e2f", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/d0e4274d9dc9f8409d56d622cd3ecf7b6fd49e2f" }, { "url": "https://git.kernel.org/stable/c/a4aef827a41cdaf6201bbaf773c1eae4e20e967b", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/a4aef827a41cdaf6201bbaf773c1eae4e20e967b" }, { "url": "https://git.kernel.org/stable/c/ad791e3ec60cb66c1e4dc121ffbf872df312427d", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/ad791e3ec60cb66c1e4dc121ffbf872df312427d" }, { "url": "https://git.kernel.org/stable/c/e106b7ad13c1d246adaa57df73edb8f8b8acb240", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/e106b7ad13c1d246adaa57df73edb8f8b8acb240" } ] }, "generator": { "engine": "bippy-8e903de6a542" } }