Bug 2348536 (CVE-2024-57991) - CVE-2024-57991 kernel: wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
Summary: CVE-2024-57991 kernel: wifi: rtw89: chan: fix soft lockup in rtw89_entity_rec...
Keywords:
Status: NEW
Alias: CVE-2024-57991
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-27 03:02 UTC by OSIDB Bzimport
Modified: 2025-02-27 16:15 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-27 03:02:23 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()

During rtw89_entity_recalc_mgnt_roles(), there is a normalizing process
which will re-order the list if an entry with target pattern is found.
And once one is found, should have aborted the list_for_each_entry. But,
`break` just aborted the inner for-loop. The outer list_for_each_entry
still continues. Normally, only the first entry will match the target
pattern, and the re-ordering will change nothing, so there won't be
soft lockup. However, in some special cases, soft lockup would happen.

Fix it by `goto fill` to break from the list_for_each_entry.

The following is a sample of kernel log for this problem.

watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [wpa_supplicant:2055]
[...]
RIP: 0010:rtw89_entity_recalc ([...] chan.c:392 chan.c:479) rtw89_core
[...]
Comment 1 Michal Findra 2025-02-27 16:10:02 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022638-CVE-2024-57991-a3e1@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.