CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-42114: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

4.4 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM
to 2^31.

We had a similar issue in sch_fq, fixed with commit
d9e15a273306 ("pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM")

watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]
Modules linked in:
irq event stamp: 131135
hardirqs last enabled at (131134): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]
hardirqs last enabled at (131134): [] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95
hardirqs last disabled at (131135): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
hardirqs last disabled at (131135): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
softirqs last enabled at (125892): [] neigh_hh_init net/core/neighbour.c:1538 [inline]
softirqs last enabled at (125892): [] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553
softirqs last disabled at (125896): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: mld mld_ifc_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __list_del include/linux/list.h:195 [inline]
pc : __list_del_entry include/linux/list.h:21...

Classification

CVE ID: CVE-2024-42114

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.4

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.43% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-42114
https://git.kernel.org/stable/c/80ac0cc9c0bef984e29637b1efa93d7214b42f53
https://git.kernel.org/stable/c/33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22
https://git.kernel.org/stable/c/3fc06f6d142d2840735543216a60d0a8c345bdec
https://git.kernel.org/stable/c/8a3ac7fb36962c34698f884bd697938054ff2afa
https://git.kernel.org/stable/c/e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7
https://git.kernel.org/stable/c/d1cba2ea8121e7fdbe1328cea782876b1dd80993

Timeline