CVE-2024-50236
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50236 is a memory leak in the Linux kernel's `ath10k` Wi-Fi driver, in its handling of management packets. The current logic does not free the memory it allocated for a management packet when transmission of that packet completes, which leads to a kmemleak report: the leaked allocation shows up as an unreferenced object with a size of 16 bytes. The vulnerability can be exploited to consume system resources and potentially cause a denial-of-service condition. The issue has been resolved by freeing the memory during completion and cleanup, and by protecting the `mgmt_pending_tx` `idr_remove()` operation with a lock in `ath10k_wmi_tlv_op_cleanup_mgmt_tx_send()`. Testing was done on the WCN3990 hw1.0 SNOC WLAN device.
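To check whether a host shows the signature described above, the following added example (not code from this page or from the kernel project) parses a kmemleak report and counts 16-byte unreferenced objects whose allocation backtrace passes through `ath10k`. The sample report is constructed, and the function name `ath10k_wmi_tlv_op_gen_mgmt_tx_send` in it is an assumed allocation site that the page does not name.

```python
import re
from collections import Counter

HEADER = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
FRAME = re.compile(r"\s+(?:\[<[0-9a-f]+>\]\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")

# Constructed sample in the layout of /sys/kernel/debug/kmemleak; all values are made up.
SAMPLE = """\
unreferenced object 0xffff000011110010 (size 16):
  comm "kworker/u16:1", pid 101, jiffies 4294900001 (age 60.000s)
  backtrace:
    [<ffff800010000010>] kmalloc_trace+0x48/0x110
    [<ffff800010000020>] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]
unreferenced object 0xffff000011110020 (size 16):
  comm "kworker/u16:1", pid 101, jiffies 4294900002 (age 59.000s)
  backtrace:
    [<ffff800010000010>] kmalloc_trace+0x48/0x110
    [<ffff800010000020>] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]
unreferenced object 0xffff000011110030 (size 16):
  comm "modprobe", pid 202, jiffies 4294900003 (age 58.000s)
  backtrace:
    [<ffff800010000030>] kstrdup+0x30/0x60
    [<ffff800010000040>] example_probe+0x20/0x80 [example_mod]
"""

def parse_kmemleak(text):
    """Split a kmemleak report into objects with their size and backtrace frames."""
    objects, in_trace = [], False
    for line in text.splitlines():
        if m := HEADER.match(line):
            objects.append({"addr": m[1], "size": int(m[2]), "frames": []})
            in_trace = False
        elif objects and line.strip().startswith("backtrace"):
            in_trace = True
        elif in_trace and (f := FRAME.match(line)):
            objects[-1]["frames"].append((f[1], f[2]))  # (function, module or None)
    return objects

def driver_frame(obj, prefix="ath10k"):
    """First backtrace frame that belongs to the driver, or None."""
    for fn, mod in obj["frames"]:
        if fn.startswith(prefix) or (mod or "").startswith(prefix):
            return fn
    return None

def triage(text, size=16):
    """Count leaked objects of the given size per ath10k allocation site."""
    return Counter(f for o in parse_kmemleak(text)
                   if o["size"] == size and (f := driver_frame(o)))
```

A non-empty result marks candidates to investigate, not proof of this CVE; a count that keeps growing across repeated scans on an unpatched kernel is the stronger signal.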
Affected Products
- Linux Kernel
Affected Vendors
- LINUX