Hello everyone,

I am excited to share that a critical vulnerability in the Linux kernel has been resolved recently. In this post, I will discuss the details of the vulnerability, including the code snippet, links to original references, and exploit details.

Vulnerability Details

This vulnerability is found within the Linux kernel Wi-Fi subsystem, specifically the Intel Wireless (iwlwifi) module. The vulnerability can cause a link mapping resource leak upon Access Point (AP) removal and primarily impacts devices that do not support the MLD API (926 and down series). The vulnerability is tracked as CVE-2024-53074.

The affected devices were unable to restart the AP once it had been stopped and started again. This could lead to a denial of service, or the resource leak could potentially be exploited in a way that leads to unauthorized system access.

Code Snippet

The fix involves releasing the link mapping resource during the AP removal process. Here is the code snippet of the patch that resolves the vulnerability:

   // original code in iwlwifi/mvm/sta.c

   void iwl_mvm_remove_sta_key_info(struct iwl_mvm *mvm,
                                    struct ieee80211_sta *sta,
                                    struct ieee80211_vif *vif)
   {
       struct iwl_mvm_sta *mvmsta;
       //...
       if (sta) {
           rcu_read_lock();
           mvmsta = iwl_mvm_sta_from_mac80211(sta);
           //...
           if (--mvmsta->active_key_cnt) {
               rcu_read_unlock();
               return;
           }
           // last key gone, but the link mapping held by the station is
           // never released here: this is the leak
           rcu_read_unlock();
       }
       //...
   }

   // updated code in iwlwifi/mvm/sta.c

   void iwl_mvm_remove_sta_key_info(struct iwl_mvm *mvm,
                                    struct ieee80211_sta *sta,
                                    struct ieee80211_vif *vif)
   {
       struct iwl_mvm_sta *mvmsta;
       //...
       if (sta) {
           rcu_read_lock();
           mvmsta = iwl_mvm_sta_from_mac80211(sta);
           //...
           if (--mvmsta->active_key_cnt) {
               rcu_read_unlock();
               return;
           }
           // Release the link mapping resource before dropping the lock
           iwl_mvm_release_link(mvm, &mvmsta->aux_link);
           rcu_read_unlock();
       }
       //...
   }
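To make the failure mode concrete, here is an added example that is not code from the kernel or from the patch snippet above. It models the class of bug the post describes: a virtual interface takes one link-mapping slot from a fixed-size pool when the AP starts, the buggy stop path forgets to hand the slot back, and the next start finds the pool exhausted, so the AP cannot be restarted. The fixed stop path releases the slot as part of AP removal. All names (link_pool, vif, ap_start, ap_stop_leaky, ap_stop_fixed, restart_cycles) and the pool size are hypothetical.

```c
/* Added example: a toy model of a link-mapping leak on AP removal.
 * Not kernel code; all names and the pool size are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define MAX_LINKS 1 /* constructed: one slot, mirroring a per-vif link */

struct link_pool { bool used[MAX_LINKS]; };
struct vif { int link_id; bool ap_running; }; /* link_id -1: unmapped */

/* Allocate a free slot; returns the slot index or -1 when exhausted. */
static int link_pool_alloc(struct link_pool *p)
{
    for (int i = 0; i < MAX_LINKS; i++) {
        if (!p->used[i]) {
            p->used[i] = true;
            return i;
        }
    }
    return -1;
}

static void link_pool_release(struct link_pool *p, int id)
{
    if (id >= 0 && id < MAX_LINKS)
        p->used[id] = false;
}

/* Slots still marked used; after a clean stop this must be 0. */
int link_pool_in_use(const struct link_pool *p)
{
    int n = 0;
    for (int i = 0; i < MAX_LINKS; i++)
        n += p->used[i] ? 1 : 0;
    return n;
}

/* Start the AP: map a link for the interface. Returns 0, or -1 if no
 * slot is left, which is the "cannot restart the AP" symptom. */
int ap_start(struct link_pool *p, struct vif *v)
{
    v->link_id = link_pool_alloc(p);
    if (v->link_id < 0)
        return -1;
    v->ap_running = true;
    return 0;
}

/* Buggy stop: tears down the AP but never releases the link mapping. */
void ap_stop_leaky(struct link_pool *p, struct vif *v)
{
    (void)p;            /* pool untouched: the slot stays allocated */
    v->ap_running = false;
}

/* Fixed stop: release the link mapping as part of AP removal. */
void ap_stop_fixed(struct link_pool *p, struct vif *v)
{
    link_pool_release(p, v->link_id);
    v->link_id = -1;
    v->ap_running = false;
}

/* Run n start/stop cycles and return how many starts succeeded. */
int restart_cycles(bool fixed, int n)
{
    struct link_pool pool = { { false } };
    struct vif v = { -1, false };
    int ok = 0;

    for (int i = 0; i < n; i++) {
        if (ap_start(&pool, &v) == 0)
            ok++;
        if (fixed)
            ap_stop_fixed(&pool, &v);
        else
            ap_stop_leaky(&pool, &v);
    }
    return ok;
}

/* Slots left mapped after one start/stop cycle: 1 leaky, 0 fixed. */
int leaked_after_one_cycle(bool fixed)
{
    struct link_pool pool = { { false } };
    struct vif v = { -1, false };

    ap_start(&pool, &v);
    if (fixed)
        ap_stop_fixed(&pool, &v);
    else
        ap_stop_leaky(&pool, &v);
    return link_pool_in_use(&pool);
}

int main(void)
{
    printf("leaky: %d of 3 restarts ok, %d slot(s) leaked\n",
           restart_cycles(false, 3), leaked_after_one_cycle(false));
    printf("fixed: %d of 3 restarts ok, %d slot(s) leaked\n",
           restart_cycles(true, 3), leaked_after_one_cycle(true));
    return 0;
}
```

With the leaky stop, only the first of three restarts succeeds and one slot stays mapped after the interface is gone; with the fixed stop, every restart succeeds and the pool is empty afterwards. The same pairing (a counter of outstanding mappings checked after teardown) is a cheap regression test for any driver path that pairs an allocation on start with a release on stop.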

Exploit Details

While there are no known public exploits for this vulnerability at the moment, the leaked link resource could potentially be abused by malicious actors to gain unauthorized system access or to cause a denial of service, degrading users' Wi-Fi connectivity.

Here are the original references and acknowledgments for this vulnerability:

1. Linux Kernel Mailing List (LKML) - Patch Submission by Luca Coelho
2. Linux Kernel Git Repository - Patch Commit by Luca Coelho

Conclusion

The Linux kernel is a highly robust operating system kernel used by a wide variety of devices. It is crucial to keep your systems updated with the latest kernel releases to stay protected from vulnerabilities like CVE-2024-53074. Patch your systems, stay vigilant, and ensure your devices' security is up to date.

Feel free to share your thoughts or any questions you may have about this vulnerability in the comments section below. Stay safe and happy browsing!

Timeline

Published on: 11/19/2024 18:15:27 UTC
Last modified on: 11/25/2024 13:51:28 UTC