ghsa-hqg6-v6r3-whgh
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
During rtw89_entity_recalc_mgnt_roles(), there is a normalizing process
which will re-order the list if an entry with target pattern is found.
And once one is found, should have aborted the list_for_each_entry. But,
break just aborted the inner for-loop. The outer list_for_each_entry
still continues. Normally, only the first entry will match the target
pattern, and the re-ordering will change nothing, so there won't be
soft lockup. However, in some special cases, soft lockup would happen.
Fix it by goto fill to break from the list_for_each_entry.
The following is a sample of kernel log for this problem.
watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [wpa_supplicant:2055] [...] RIP: 0010:rtw89_entity_recalc ([...] chan.c:392 chan.c:479) rtw89_core [...]
{
"affected": [],
"aliases": [
"CVE-2024-57991"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-27T02:15:13Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()\n\nDuring rtw89_entity_recalc_mgnt_roles(), there is a normalizing process\nwhich will re-order the list if an entry with target pattern is found.\nAnd once one is found, should have aborted the list_for_each_entry. But,\n`break` just aborted the inner for-loop. The outer list_for_each_entry\nstill continues. Normally, only the first entry will match the target\npattern, and the re-ordering will change nothing, so there won\u0027t be\nsoft lockup. However, in some special cases, soft lockup would happen.\n\nFix it by `goto fill` to break from the list_for_each_entry.\n\nThe following is a sample of kernel log for this problem.\n\nwatchdog: BUG: soft lockup - CPU#1 stuck for 26s! [wpa_supplicant:2055]\n[...]\nRIP: 0010:rtw89_entity_recalc ([...] chan.c:392 chan.c:479) rtw89_core\n[...]",
"id": "GHSA-hqg6-v6r3-whgh",
"modified": "2025-02-27T03:34:00Z",
"published": "2025-02-27T03:34:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57991"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01d2d34e9fcc9897081c3c16a666f793c8a38c58"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/223ba95fdcd3c6090e2bd51dce66abb6dd4f9df9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e4790b3e314a4814f1680a5dc552031fb199b878"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.