SB2024111006 - Memory leak in Linux kernel ath ath10k driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2024-50236)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/eff818238bedb9c2484c251ec46f9f160911cdc0
• https://git.kernel.org/stable/c/6fc9af3df6ca7f3c94774d20f62dc7b49616026d
• https://git.kernel.org/stable/c/4112450da7d67b59ccedc2208bae622db17dbcb8
• https://git.kernel.org/stable/c/705be2dc45c7f852e211e16bc41a916fab741983
• https://git.kernel.org/stable/c/6cc23898e6ba47e976050d3c080b4d2c1add3748
• https://git.kernel.org/stable/c/5f5a939759c79e7385946c85e62feca51a18d816
• https://git.kernel.org/stable/c/2f6f1e26ac6d2b38e2198a71f81f0ade14d6b07b
• https://git.kernel.org/stable/c/e15d84b3bba187aa372dff7c58ce1fd5cb48a076
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.323
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.229
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.171
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.285
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.116
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.7
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.60