CVE-2024-56541

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 27, 2024
Updated: Feb 11, 2025
CWE ID 416

Summary

CVE-2024-56541 is a use-after-free vulnerability in the Linux kernel's ath12k driver. During the removal of the ath12k module, ath12k_dp_cc_cleanup() attempts to access a previously freed ar (Associated Rate) from a pending skb (Socket Buffer), leading to the use-after-free issue. The vulnerability occurs due to a failure to flush all data packets before unregistering the driver and freeing the associated memory. The KASAN memory error detection tool identified this issue, and the commit "wifi: ath12k: fix flush failure in recovery scenarios" was added to prevent the packets from being accessed after they have been freed. To mitigate this vulnerability, the driver should avoid accessing ar from skb->cb during unregistration.
