CVE-2024-53191
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53191
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53191.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-53191
- Downstream
- Related
- Published
- 2024-12-27T13:49:33.617Z
- Modified
- 2025-11-20T07:13:41.749968Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- wifi: ath12k: fix warning when unbinding
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix warning when unbinding
If there is an error during some initialization related to firmware, the buffers dp->txring[i].txstatus are released. However this is released again when the device is unbinded (ath12kpci), and we get: WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 freelargekmalloc+0x4d/0x80 Call Trace: freelargekmalloc ath12kdpfree ath12kcoredeinit ath12kpci_remove ...
The issue is always reproducible from a VM because the MSI addressing initialization is failing.
In order to fix the issue, just set the buffers to NULL after releasing in order to avoid the double free.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/223b546c6222d42147eff034433002ca5e2e7e09
- https://git.kernel.org/stable/c/90556b96338aa6037cd26dac857327fda7c19732
- https://git.kernel.org/stable/c/94c9100b600f05a36b33f9ed76dbd6fb0eb25386
- https://git.kernel.org/stable/c/ca68ce0d9f4bcd032fd1334441175ae399642a06
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixed223b546c6222d42147eff034433002ca5e2e7e09
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixed90556b96338aa6037cd26dac857327fda7c19732
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixed94c9100b600f05a36b33f9ed76dbd6fb0eb25386
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixedca68ce0d9f4bcd032fd1334441175ae399642a06
Affected versions
v6.*
v6.1
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.10
v6.11.2
v6.11.3
v6.11.4
v6.11.5
v6.11.6
v6.11.7
v6.11.8
v6.11.9
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"id": "CVE-2024-53191-23013cf8",
"signature_version": "v1",
"digest": {
"length": 413.0,
"function_hash": "63580368121820743684588057902516267961"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@94c9100b600f05a36b33f9ed76dbd6fb0eb25386",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c",
"function": "ath12k_dp_free"
}
},
{
"id": "CVE-2024-53191-323de2ee",
"signature_version": "v1",
"digest": {
"length": 413.0,
"function_hash": "63580368121820743684588057902516267961"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@90556b96338aa6037cd26dac857327fda7c19732",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c",
"function": "ath12k_dp_free"
}
},
{
"id": "CVE-2024-53191-3779a8ae",
"signature_version": "v1",
"digest": {
"length": 413.0,
"function_hash": "63580368121820743684588057902516267961"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@223b546c6222d42147eff034433002ca5e2e7e09",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c",
"function": "ath12k_dp_free"
}
},
{
"id": "CVE-2024-53191-7b759d17",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"43157106520363168277784931902627403981",
"63401320418298070773424600236544122286",
"265734015741190274194822033040614921689",
"50125516326765727069546761985892260368",
"40594504330879573092387237457747717413"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ca68ce0d9f4bcd032fd1334441175ae399642a06",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c"
}
},
{
"id": "CVE-2024-53191-8898a3fc",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"43157106520363168277784931902627403981",
"63401320418298070773424600236544122286",
"265734015741190274194822033040614921689",
"50125516326765727069546761985892260368",
"40594504330879573092387237457747717413"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@90556b96338aa6037cd26dac857327fda7c19732",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c"
}
},
{
"id": "CVE-2024-53191-90037b07",
"signature_version": "v1",
"digest": {
"length": 413.0,
"function_hash": "63580368121820743684588057902516267961"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ca68ce0d9f4bcd032fd1334441175ae399642a06",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c",
"function": "ath12k_dp_free"
}
},
{
"id": "CVE-2024-53191-ee272e1f",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"43157106520363168277784931902627403981",
"63401320418298070773424600236544122286",
"265734015741190274194822033040614921689",
"50125516326765727069546761985892260368",
"40594504330879573092387237457747717413"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@223b546c6222d42147eff034433002ca5e2e7e09",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c"
}
},
{
"id": "CVE-2024-53191-f5b71a19",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"43157106520363168277784931902627403981",
"63401320418298070773424600236544122286",
"265734015741190274194822033040614921689",
"50125516326765727069546761985892260368",
"40594504330879573092387237457747717413"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@94c9100b600f05a36b33f9ed76dbd6fb0eb25386",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c"
}
}
]