{
  "id": "CVE-2024-47724",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-10-21T13:15:02.590",
  "lastModified": "2024-10-23T21:41:13.390",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: use work queue to process beacon tx event\n\nCommit 3a415daa3e8b (\"wifi: ath11k: add P2P IE in beacon template\")\nfrom Feb 28, 2024 (linux-next), leads to the following Smatch static\nchecker warning:\n\ndrivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie()\nwarn: sleeping in atomic context\n\nThe reason is that ath11k_bcn_tx_status_event() will directly call might\nsleep function ath11k_wmi_cmd_send() during RCU read-side critical\nsections. The call trace is like:\n\nath11k_bcn_tx_status_event()\n-> rcu_read_lock()\n-> ath11k_mac_bcn_tx_event()\n\t-> ath11k_mac_setup_bcn_tmpl()\n\t\u2026\u2026\n\t\t-> ath11k_wmi_bcn_tmpl()\n\t\t\t-> ath11k_wmi_cmd_send()\n-> rcu_read_unlock()\n\nCommit 886433a98425 (\"ath11k: add support for BSS color change\") added the\nath11k_mac_bcn_tx_event(), commit 01e782c89108 (\"ath11k: fix warning\nof RCU usage for ath11k_mac_get_arvif_by_vdev_id()\") added the RCU lock\nto avoid warning but also introduced this BUG.\n\nUse work queue to avoid directly calling ath11k_mac_bcn_tx_event()\nduring RCU critical sections. No need to worry about the deletion of vif\nbecause cancel_work_sync() will drop the work if it doesn't start or\nblock vif deletion until the running work is done.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath11k: usar cola de trabajo para procesar evento beacon tx el commit 3a415daa3e8b (\"wifi: ath11k: agregar P2P IE en plantilla beacon\") del 28 de febrero de 2024 (linux-next) genera la siguiente advertencia del verificador est\u00e1tico de Smatch: drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie() warn: durmiendo en contexto at\u00f3mico La raz\u00f3n es que ath11k_bcn_tx_status_event() llamar\u00e1 directamente a la funci\u00f3n de suspensi\u00f3n ath11k_wmi_cmd_send() durante las secciones cr\u00edticas del lado de lectura de RCU. El seguimiento de la llamada es as\u00ed: ath11k_bcn_tx_status_event() -&gt; rcu_read_lock() -&gt; ath11k_mac_bcn_tx_event() -&gt; ath11k_mac_setup_bcn_tmpl() \u2026\u2026 -&gt; ath11k_wmi_bcn_tmpl() -&gt; ath11k_wmi_cmd_send() -&gt; rcu_read_unlock() el commit 886433a98425 (\"ath11k: agregar soporte para cambio de color BSS\") agreg\u00f3 ath11k_mac_bcn_tx_event(), el commit 01e782c89108 (\"ath11k: corregir advertencia de uso de RCU para ath11k_mac_get_arvif_by_vdev_id()\") agreg\u00f3 el bloqueo de RCU para evitar advertencias pero tambi\u00e9n introdujo este ERROR. Utilice la cola de trabajo para evitar llamar directamente a ath11k_mac_bcn_tx_event() durante las secciones cr\u00edticas de RCU. No es necesario preocuparse por la eliminaci\u00f3n de vif porque cancel_work_sync() descartar\u00e1 el trabajo si no comienza o bloquear\u00e1 la eliminaci\u00f3n de vif hasta que finalice el trabajo en ejecuci\u00f3n. Probado en: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.10",
              "versionEndExcluding": "6.10.13",
              "matchCriteriaId": "767D4D2D-C6E7-4B7D-9446-CFC8F8FF2FBB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.11",
              "versionEndExcluding": "6.11.2",
              "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/177b49dbf9c1d8f9f25a22ffafa416fc2c8aa6a3",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/6db232905e094e64abff1f18249905d068285e09",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/dbd51da69dda1137723b8f66460bf99a9dac8dd2",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    }
  ]
}