CVE-2024-57995
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-57995
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57995.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-57995
- Downstream
- Related
- Published
- 2025-02-27T02:07:16.163Z
- Modified
- 2025-12-05T08:13:13.573442Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix read pointer after free in ath12kmacassignvifto_vdev()
In ath12kmacassignviftovdev(), if arvif is created on a different radio, it gets deleted from that radio through a call to ath12kmacunassignlink_vif(). This action frees the arvif pointer. Subsequently, there is a check involving arvif, which will result in a read-after-free scenario.
Fix this by moving this check after arvif is again assigned via call to ath12kmacassignlinkvif().
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57995.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/57100b87c77818cb0d582a92e5cb32fff85c757d
- https://git.kernel.org/stable/c/5a10971c7645a95f5d5dc23c26fbac4bf61801d0
- https://git.kernel.org/stable/c/f3a95a312419e4f1e992525917da9dbcd247038f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57995.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-57995
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb5068bc9180d06a5ac242b0f9263047c14f86211Fixed57100b87c77818cb0d582a92e5cb32fff85c757dFixedf3a95a312419e4f1e992525917da9dbcd247038fFixed5a10971c7645a95f5d5dc23c26fbac4bf61801d0
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.46
v6.12.47
v6.12.48
v6.12.49
v6.12.5
v6.12.50
v6.12.51
v6.12.52
v6.12.53
v6.12.54
v6.12.55
v6.12.56
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.9
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7