CVE-2024-57995

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()

In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different radio, it gets deleted from that radio through a call to ath12k_mac_unassign_link_vif(). This action frees the arvif pointer. Subsequently, there is a check involving arvif, which will result in a read-after-free scenario.

Fix this by moving this check after arvif is again assigned via call to ath12k_mac_assign_link_vif().

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1

Published: Feb 27, 2025
Updated: May 4, 2025
CVE: CVE-2024-57995
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.10	6.13.2

https://git.kernel.org/stable/c/5a10971c7645a95f5d5dc23c26fbac4bf61801d0
https://git.kernel.org/stable/c/f3a95a312419e4f1e992525917da9dbcd247038f

Vulnerability Database

CVE-2024-57995

Deep Security Visibility Without the Complexity