CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-50236: wifi: ath10k: Fix memory leak in management tx

5.5 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath10k: Fix memory leak in management tx

In the current logic, memory is allocated for storing the MSDU context
during management packet TX but this memory is not being freed during
management TX completion. Similar leaks are seen in the management TX
cleanup logic.

Kmemleak reports this problem as below,

unreferenced object 0xffffff80b64ed250 (size 16):
comm "kworker/u16:7", pid 148, jiffies 4294687130 (age 714.199s)
hex dump (first 16 bytes):
00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00 .+.......t......
backtrace:
[] __kmem_cache_alloc_node+0x1e4/0x2d8
[] kmalloc_trace+0x48/0x110
[] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]
[] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]
[] process_scheduled_works+0x1ac/0x400
[] worker_thread+0x208/0x328
[] kthread+0x100/0x1c0
[] ret_from_fork+0x10/0x20

Free the memory during completion and cleanup to fix the leak.

Protect the mgmt_pending_tx idr_remove() operation in
ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar->data_lock similar to
other instances.

Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1

Classification

CVE ID: CVE-2024-50236

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 17.86% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

References

Timeline

2025-03-06 09:45:31 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-50236
2025-05-04 10:40:22 UTC
CVE

wifi: ath10k: Fix memory leak in management tx