CVE-2024-27391: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: do not realloc workqueue everytime an interface is added

Commit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to "NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order to set the interface name in the workqueue name. However, while the driver needs only one workqueue, the wilc_netdev_ifc_init is called each time we add an interface over a phy, which in turn overwrites the workqueue with a new one. This can be observed with the following commands:

    for i in $(seq 0 10)
    do
      iw phy phy0 interface add wlan1 type managed
      iw dev wlan1 del
    done
    ps -eo pid,comm|grep wlan
     39 kworker/R-wlan0
     98 kworker/R-wlan1
    102 kworker/R-wlan1
    105 kworker/R-wlan1
    108 kworker/R-wlan1
    111 kworker/R-wlan1
    114 kworker/R-wlan1
    117 kworker/R-wlan1
    120 kworker/R-wlan1
    123 kworker/R-wlan1
    126 kworker/R-wlan1
    129 kworker/R-wlan1

Fix this leakage by putting back hif_workqueue allocation in wilc_cfg80211_init. Regarding the workqueue name, it is indeed relevant to set it lowercase, however it is not attached to a specific netdev, so enforcing netdev name in the name is not so relevant. Still, enrich the name with the wiphy name to make it clear which phy is using the workqueue.
AI Analysis
Technical Summary
CVE-2024-27391 is a vulnerability identified in the Linux kernel's wireless driver for the WILC1000 Wi-Fi chipset. The issue arises from improper management of workqueues within the driver code. Specifically, the function wilc_netdev_ifc_init, which is called each time a new network interface is added over a physical device (phy), reallocates the workqueue repeatedly instead of reusing a single instance. This leads to a resource leak where multiple workqueues are created and overwritten without proper cleanup. The vulnerability was introduced by a commit that renamed the workqueue and moved its creation to wilc_netdev_ifc_init to include the interface name in the workqueue's name. However, since only one workqueue is needed per driver instance, this approach caused unnecessary reallocations. The leak can be observed by repeatedly adding and deleting wireless interfaces, resulting in multiple kernel worker threads (kworker) associated with wlan interfaces. The fix involves moving the workqueue allocation back to wilc_cfg80211_init, ensuring only one workqueue is created per device, and adjusting the naming convention to include the wiphy name instead of the netdev name. This correction prevents resource exhaustion and potential instability in the kernel's wireless subsystem. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability primarily poses a risk of resource exhaustion and potential denial of service on systems using the affected Linux kernel versions with the WILC1000 wireless driver. Systems that frequently add and remove wireless interfaces dynamically, such as embedded devices, IoT gateways, or network appliances running Linux with this driver, could experience degraded performance or kernel instability. While this does not directly lead to privilege escalation or remote code execution, the resulting resource leak could be exploited by an attacker with local access to cause denial of service, impacting availability. Organizations relying on Linux-based infrastructure with wireless connectivity, especially in industrial, telecommunications, or critical infrastructure sectors, should be aware of this issue. The impact is more pronounced in environments where wireless interfaces are dynamically managed or where system uptime and reliability are critical.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Apply the patch provided by the Linux kernel maintainers that moves the workqueue allocation back to wilc_cfg80211_init and corrects the naming scheme.
2) Update Linux kernel versions to the fixed releases as soon as they become available, prioritizing systems using the WILC1000 wireless chipset.
3) Monitor systems for unusual numbers of kworker threads related to wlan interfaces, which may indicate the presence of the resource leak.
4) Limit the ability of unprivileged users to add or remove wireless interfaces dynamically, reducing the risk of triggering the leak.
5) For embedded or IoT devices using custom Linux builds, ensure that the kernel source is updated and rebuilt with the fix integrated.
6) Implement system monitoring and alerting for kernel resource exhaustion symptoms to detect potential exploitation attempts early.
These steps go beyond generic advice by focusing on the specific driver and usage patterns involved in this vulnerability.
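One way to implement the monitoring in step 3, as an added example that is not part of the original advisory or the kernel project: it counts kworker/R-* threads per name in `ps -eo pid,comm` output and reports any name that appears more than a threshold number of times. The function names (dup_kworkers, leak_suspected, sample_ps) are hypothetical, and the sample input is constructed from the listing in the description.

```shell
#!/bin/sh
# Added example: flag kworker/R-* threads that share one name.
# Input:  `ps -eo pid,comm` output on stdin.
# Output: "<count> <comm>" for each kworker/R-* name seen more than
#         THRESHOLD times (first argument, default 1).
dup_kworkers() {
    threshold="${1:-1}"
    awk -v t="$threshold" '
        # comm is the second column; count each kworker/R-<name> entry
        $2 ~ /^kworker\/R-/ { n[$2]++ }
        END { for (c in n) if (n[c] > t) print n[c], c }
    ' | sort -k2
}

# Exit status 0 when at least one name exceeds the threshold, 1 otherwise,
# so the check can drive a cron job or a monitoring probe.
leak_suspected() {
    [ -n "$(dup_kworkers "${1:-1}")" ]
}

# Constructed sample, shortened from the listing in the description.
sample_ps() {
    cat <<'EOF'
  PID COMMAND
   39 kworker/R-wlan0
   98 kworker/R-wlan1
  102 kworker/R-wlan1
  105 kworker/R-wlan1
    1 init
EOF
}

# Live use on a host:
#   ps -eo pid,comm | dup_kworkers
#   ps -eo pid,comm | leak_suspected && echo "possible workqueue leak"
```

On a patched kernel the driver allocates a single workqueue per phy, so a count that grows each time an interface is added and removed points at an unpatched build.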
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-25T13:47:42.677Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ac4522896dcbe332e
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 3:24:49 PM
Last updated: 8/16/2025, 4:16:57 AM