nvd-json-data-feeds/CVE-2024/CVE-2024-273xx/CVE-2024-27391.json

{
  "id": "CVE-2024-27391",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-01T13:15:51.750",
  "lastModified": "2024-05-01T13:15:51.750",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: do not realloc workqueue everytime an interface is added\n\nCommit 09ed8bfc5215 (\"wilc1000: Rename workqueue from \"WILC_wq\" to\n\"NETDEV-wq\"\") moved workqueue creation in wilc_netdev_ifc_init in order to\nset the interface name in the workqueue name. However, while the driver\nneeds only one workqueue, the wilc_netdev_ifc_init is called each time we\nadd an interface over a phy, which in turns overwrite the workqueue with a\nnew one. This can be observed with the following commands:\n\nfor i in $(seq 0 10)\ndo\n  iw phy phy0 interface add wlan1 type managed\n  iw dev wlan1 del\ndone\nps -eo pid,comm|grep wlan\n\n 39 kworker/R-wlan0\n 98 kworker/R-wlan1\n102 kworker/R-wlan1\n105 kworker/R-wlan1\n108 kworker/R-wlan1\n111 kworker/R-wlan1\n114 kworker/R-wlan1\n117 kworker/R-wlan1\n120 kworker/R-wlan1\n123 kworker/R-wlan1\n126 kworker/R-wlan1\n129 kworker/R-wlan1\n\nFix this leakage by putting back hif_workqueue allocation in\nwilc_cfg80211_init. Regarding the workqueue name, it is indeed relevant to\nset it lowercase, however it is not  attached to a specific netdev, so\nenforcing netdev name in the name is not so relevant. Still, enrich the\nname with the wiphy name to make it clear which phy is using the workqueue."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/328efda22af81130c2ad981c110518cb29ff2f1d",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/4041c60a9d543b3ad50225385b072ba68e96166e",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/515cc676dfbce40d93c92b1ff3c1070e917f4e52",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/90ae293d1d255f622318fce6eeea2e18f9fde5c1",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/9ab0c303ccabfd6bdce14432792d41090070008c",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ]
}
Auto-Update: 2024-05-01T14:00:40.467445+00:00 2024-05-01 14:03:31 +00:00			`{`
			`"id": "CVE-2024-27391",`
			`"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"published": "2024-05-01T13:15:51.750",`
			`"lastModified": "2024-05-01T13:15:51.750",`
			`"vulnStatus": "Received",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: do not realloc workqueue everytime an interface is added\n\nCommit 09ed8bfc5215 (\"wilc1000: Rename workqueue from \"WILC_wq\" to\n\"NETDEV-wq\"\") moved workqueue creation in wilc_netdev_ifc_init in order to\nset the interface name in the workqueue name. However, while the driver\nneeds only one workqueue, the wilc_netdev_ifc_init is called each time we\nadd an interface over a phy, which in turns overwrite the workqueue with a\nnew one. This can be observed with the following commands:\n\nfor i in $(seq 0 10)\ndo\n iw phy phy0 interface add wlan1 type managed\n iw dev wlan1 del\ndone\nps -eo pid,comm\|grep wlan\n\n 39 kworker/R-wlan0\n 98 kworker/R-wlan1\n102 kworker/R-wlan1\n105 kworker/R-wlan1\n108 kworker/R-wlan1\n111 kworker/R-wlan1\n114 kworker/R-wlan1\n117 kworker/R-wlan1\n120 kworker/R-wlan1\n123 kworker/R-wlan1\n126 kworker/R-wlan1\n129 kworker/R-wlan1\n\nFix this leakage by putting back hif_workqueue allocation in\nwilc_cfg80211_init. Regarding the workqueue name, it is indeed relevant to\nset it lowercase, however it is not attached to a specific netdev, so\nenforcing netdev name in the name is not so relevant. Still, enrich the\nname with the wiphy name to make it clear which phy is using the workqueue."
			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://git.kernel.org/stable/c/328efda22af81130c2ad981c110518cb29ff2f1d",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/4041c60a9d543b3ad50225385b072ba68e96166e",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/515cc676dfbce40d93c92b1ff3c1070e917f4e52",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/90ae293d1d255f622318fce6eeea2e18f9fde5c1",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/9ab0c303ccabfd6bdce14432792d41090070008c",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`}`
			`]`
			`}`