CVE-2024-38572

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38572
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38572.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38572
Downstream
Related
Published
2024-06-19T13:35:37Z
Modified
2025-10-21T23:20:57.848028Z
Summary
wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix out-of-bound access of qmiinvokehandler()

Currently, there is no terminator entry for ath12kqmimsg_handlers hence facing below KASAN warning,

================================================================== BUG: KASAN: global-out-of-bounds in qmiinvokehandler+0xa4/0x148 Read of size 8 at addr ffffffd00a6428d8 by task kworker/u8:2/1273

CPU: 0 PID: 1273 Comm: kworker/u8:2 Not tainted 5.4.213 #0 Workqueue: qmimsghandler qmidatareadywork Call trace: dumpbacktrace+0x0/0x20c showstack+0x14/0x1c dumpstack+0xe0/0x138 printaddressdescription.isra.5+0x30/0x330 _kasanreport+0x16c/0x1bc kasanreport+0xc/0x14 _asanload8+0xa8/0xb0 qmiinvokehandler+0xa4/0x148 qmihandlemessage+0x18c/0x1bc qmidatareadywork+0x4ec/0x528 processonework+0x2c0/0x440 workerthread+0x324/0x4b8 kthread+0x210/0x228 retfrom_fork+0x10/0x18

The address belongs to the variable: ath12kmacmonstatusfilter_default+0x4bd8/0xfffffffffffe2300 [ath12k] [...] ==================================================================

Add a dummy terminator entry at the end to assist the qmiinvokehandler() in traversing up to the terminator entry without accessing an out-of-boundary index.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d889913205cf7ebda905b1e62c5867ed4e39f6c2
Fixed
95575de7dede7b1ed3b9718dab9dda97914ea775
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d889913205cf7ebda905b1e62c5867ed4e39f6c2
Fixed
b48d40f5840c505b7af700594aa8379eec28e925
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d889913205cf7ebda905b1e62c5867ed4e39f6c2
Fixed
a1abdb63628b04855a929850772de97435ed1555
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d889913205cf7ebda905b1e62c5867ed4e39f6c2
Fixed
e1bdff48a1bb4a4ac660c19c55a820968c48b3f2

Affected versions

v6.*

v6.1
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.10
v6.8.11
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.3.0
Fixed
6.6.33
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.12
Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.9.3