The Linux kernel recently resolved a vulnerability in the wifi drivers for ath11k. The vulnerability was due to the improper assignment of the buffer length field of ath11k_mhi_config_qca639, causing a default size of 64KB to be used for channel buffer allocation. This default size could lead to allocation failures in situations where the system memory is highly fragmented and memory compaction or reclaim is not allowed.
Vulnerability Details
The vulnerability concerns improper buffer length allocation in wifi drivers, specifically in the MHI channel buffer assignment of ath11k_mhi_config_qca639. When the buffer length field is assigned with a value, the default 64KB size is used, which may fail when system memory is highly fragmented, as evidenced in the following fail report:
[fail report details, see the content provided]
The resolution of the vulnerability involves updating the buffer length field to 8KB, as the largest packet size for QMI target to host communication on WCN6855 and QCA639 is less than 6KB. Changing the buffer length to 8KB saves memory and decreases the possibility of allocation failure in the affected scenarios.
Resolution and Code Snippet
The updated code snippet for assigning the buffer length field of ath11k_mhi_config_qca639 now indicates a new assignment value to 8KB instead of the previous value:
ath11k_mhi_config_qca639.buf_len = x200; // Assign 8KB to buffer length
This change ensures that the allocation of the MHI channel buffers will now consume less memory, decreasing the likelihood of experiencing allocation failures due to highly fragmented memory situations.
References
- Original Linux kernel commit addressing this vulnerability
- Linux kernel bug report
Exploit Details
While there is no confirmed exploit leveraging this vulnerability, it is essential to update Linux kernel systems running wifi devices with ath11k drivers to ensure proper memory allocation and prevent potential denial of service attacks due to memory fragmentation and allocation failure.
Conclusion
CVE-2024-35938 highlights a Linux kernel vulnerability in the ath11k wifi drivers that can lead to allocation failures in specific memory scenarios. By addressing the improper buffer length assignment, developers can ensure better memory management and improved system stability.
Timeline
Published on: 05/19/2024 11:15:49 UTC
Last modified on: 12/19/2024 08:58:40 UTC