CVE-2024-46827

Summary

CVE-2024-46827 is a vulnerability affecting the Linux kernel's ath12k driver. This issue arises when the driver receives an association request with an invalid MCS-NSS value in an Extended HE Capabilities Information Element from an access point. For bandwidths where EHT-PHY capabilities are shown, but the MCS-NSS value is set to zero, the driver obtains an invalid peer_nss value of 0. Sending this value to the firmware causes a crash. To mitigate this issue, a validation step for the peer_nSS value should be implemented before forwarding it to the firmware. If the value is greater than zero, proceed with forwarding it. However, if the value is invalid, reject the association request to prevent potential firmware crashes. This vulnerability has been tested on QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.