5.5

CVE-2024-47713

EPSS 0.04%
Veröffentlicht 21.10.2024 12:15:07
Zuletzt bearbeitet 03.11.2025 23:16:19
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()

Since '__dev_queue_xmit()' should be called with interrupts enabled,
the following backtrace:

ieee80211_do_stop()
 ...
 spin_lock_irqsave(&local->queue_stop_reason_lock, flags)
 ...
 ieee80211_free_txskb()
  ieee80211_report_used_skb()
   ieee80211_report_ack_skb()
    cfg80211_mgmt_tx_status_ext()
     nl80211_frame_tx_status()
      genlmsg_multicast_netns()
       genlmsg_multicast_netns_filtered()
        nlmsg_multicast_filtered()
	 netlink_broadcast_filtered()
	  do_one_broadcast()
	   netlink_broadcast_deliver()
	    __netlink_sendskb()
	     netlink_deliver_tap()
	      __netlink_deliver_tap_skb()
	       dev_queue_xmit()
	        __dev_queue_xmit() ; with IRQS disabled
 ...
 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags)

issues the warning (as reported by syzbot reproducer):

WARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120

Fix this by implementing a two-phase skb reclamation in
'ieee80211_do_stop()', where actual work is performed
outside of a section with interrupts disabled.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.32 < 5.10.227

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.168

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.113

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.54

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.13

Linux ≫ Linux Kernel Version >= 6.11 < 6.11.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.128

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://git.kernel.org/stable/c/04f75f5bae33349283d6886901d9acd2f110c024

https://git.kernel.org/stable/c/058c9026ad79dc98572442fd4c7e9a36aba6f596

Patch

https://git.kernel.org/stable/c/07eb0bd7b0a8abed9d45e0f567c9af1dc83e5268

https://git.kernel.org/stable/c/9d301de12da6e1bb069a9835c38359b8e8135121

Patch

https://git.kernel.org/stable/c/acb53a716e492a02479345157c43f21edc8bc64b

Patch

https://git.kernel.org/stable/c/ad4b7068b101fbbb4a9ca4b99b25eb051a9482ec

Patch

https://git.kernel.org/stable/c/db5ca4b42ccfa42d2af7b335ff12578e57775c02

Patch

https://git.kernel.org/stable/c/eab272972cffff9cd973b8e4055a8e81c64f7e6a

Patch

https://git.kernel.org/stable/c/f232916fab67ca1c3425926df4a866e59ff26908

Patch

https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-47713

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47713

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47713

EUVD