CVE-2024-35938: Vulnerability in Linux Linux

Medium
Published: Sun May 19 2024 (05/19/2024, 10:10:44 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: decrease MHI channel buffer length to 8KB

Currently buf_len field of ath11k_mhi_config_qca6390 is assigned with 0, making MHI use a default size, 64KB, to allocate channel buffers. This is likely to fail in some scenarios where system memory is highly fragmented and memory compaction or reclaim is not allowed.

There is a fail report which is caused by it:

kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0
CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfceb
Workqueue: events_unbound async_run_entry_fn
Call Trace:
 <TASK>
 dump_stack_lvl+0x47/0x60
 warn_alloc+0x13a/0x1b0
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? __alloc_pages_direct_compact+0xab/0x210
 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0
 __alloc_pages+0x32d/0x350
 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
 __kmalloc_large_node+0x72/0x110
 __kmalloc+0x37c/0x480
 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
 mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
 __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
 ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
 device_for_each_child+0x5c/0xa0
 ? __pfx_pci_pm_resume+0x10/0x10
 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e]
 ? srso_alias_return_thunk+0x5/0xfbef5
 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec]
 ? srso_alias_return_thunk+0x5/0xfbef5
 dpm_run_callback+0x8c/0x1e0
 device_resume+0x104/0x340
 ? __pfx_dpm_watchdog_handler+0x10/0x10
 async_resume+0x1d/0x30
 async_run_entry_fn+0x32/0x120
 process_one_work+0x168/0x330
 worker_thread+0x2f5/0x410
 ? __pfx_worker_thread+0x10/0x10
 kthread+0xe8/0x120
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x34/0x50
 ? __pfx_kthread+0x10/0x10
 ret_from_fork_asm+0x1b/0x30
 </TASK>

Actually those buffers are used only by QMI target -> host communication. And for WCN6855 and QCA6390, the largest packet size for that is less than 6KB. So change buf_len field to 8KB, which results in order 1 allocation if page size is 4KB. In this way, we can at least save some memory, as well as decrease the possibility of allocation failure in those scenarios.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

AI-Powered Analysis

Last updated: 06/29/2025, 08:25:14 UTC

Technical Analysis

CVE-2024-35938 is a vulnerability identified in the Linux kernel's ath11k wireless driver, specifically related to the MHI (Modem Host Interface) channel buffer length configuration for Qualcomm chipsets such as QCA6390 and WCN6855. The vulnerability arises because the buf_len field in the ath11k_mhi_config_qca6390 structure was set to zero, causing the MHI subsystem to default to allocating 64KB buffers for channel communication. This large buffer allocation can fail in scenarios where system memory is highly fragmented and memory compaction or reclaim is restricted, leading to page allocation failures and kernel warnings or errors. The failure is exemplified by kernel logs showing allocation failures with GFP_NOIO and __GFP_COMP flags, indicating that order-4 allocation requests (64KB) are unsuccessful under certain conditions.

These buffers are used exclusively for QMI (Qualcomm MSM Interface) target-to-host communication, and the largest packet size for these communications is less than 6KB. The fix involves reducing the buffer length to 8KB, which corresponds to an order 1 allocation (two contiguous 4KB pages), significantly reducing the likelihood of allocation failure in fragmented memory environments. This change optimizes memory usage and improves stability for affected wireless drivers on Linux systems using these Qualcomm chipsets.

The vulnerability does not appear to have known exploits in the wild, and the fix was tested on specific hardware such as WCN6855 hw2.0. No CVSS score has been assigned yet, but the issue is primarily a stability and availability concern rather than a direct confidentiality or integrity compromise. The vulnerability affects Linux kernel versions containing the specified commit hashes and is relevant for systems running these Qualcomm wireless chipsets with the ath11k driver.

Potential Impact

For European organizations, the impact of CVE-2024-35938 primarily concerns system stability and availability of Linux-based devices using Qualcomm ath11k wireless chipsets, particularly QCA6390 and WCN6855. Organizations relying on Linux servers, embedded systems, or network infrastructure with these wireless components may experience kernel page allocation failures leading to degraded wireless performance, intermittent connectivity issues, or kernel warnings that could escalate to system instability or crashes under memory pressure conditions. This could affect critical infrastructure, enterprise wireless networks, and IoT deployments that utilize these chipsets. While the vulnerability does not directly expose data confidentiality or integrity, the resulting instability could disrupt business operations, especially in environments where wireless connectivity is essential. Additionally, failure to address this vulnerability could complicate incident response and system maintenance due to unpredictable kernel behavior. The absence of known exploits reduces immediate risk, but the potential for denial-of-service-like conditions through resource exhaustion warrants prompt remediation in production environments.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch reducing the MHI channel buffer length from 64KB to 8KB for the ath11k driver. This update mitigates the risk of memory allocation failures under fragmented memory conditions. Specifically, organizations should:

1) Identify all systems running Linux kernels with Qualcomm ath11k drivers supporting QCA6390 or WCN6855 chipsets.
2) Apply vendor-supplied kernel updates or patches that address CVE-2024-35938.
3) For custom or embedded Linux distributions, backport the patch to maintain stability.
4) Monitor kernel logs for page allocation failures or related warnings as indicators of memory pressure issues.
5) Optimize system memory management policies to reduce fragmentation, such as tuning memory compaction settings or avoiding disabling memory reclaim where possible.
6) Test wireless functionality post-patch to ensure no regressions in connectivity or performance.
7) Incorporate this vulnerability into vulnerability management and patching workflows to ensure timely remediation.

These steps go beyond generic advice by focusing on chipset-specific driver updates, memory management tuning, and proactive monitoring tailored to the nature of the vulnerability.
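For the log-monitoring step, the following added example (not part of the original page or the kernel project) parses dmesg-style text for page allocation failures and flags those whose call trace passes through the ath11k/MHI path named in the description. The sample log is constructed: the first event is abridged from the trace quoted above, the second is a hypothetical unrelated failure, and the function names and the 4KB page size are assumptions.

```python
import re

PAGE_SIZE = 4096  # assumption: 4KB pages, as in the description

# Constructed dmesg-style sample: first event abridged from the trace quoted in
# the description, second event is a hypothetical unrelated failure for contrast.
SAMPLE_LOG = """\
[  101.000001] kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0
[  101.000002] Call Trace:
[  101.000003]  <TASK>
[  101.000004]  __kmalloc_large_node+0x72/0x110
[  101.000005]  mhi_prepare_channel+0x127/0x2d0 [mhi]
[  101.000006]  ath11k_core_resume+0x65/0x100 [ath11k]
[  101.000007]  </TASK>
[  250.000001] kworker/3:1: page allocation failure: order:2, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null)
[  250.000002] Call Trace:
[  250.000003]  <TASK>
[  250.000004]  example_other_probe+0x10/0x40 [example_other]
[  250.000005]  </TASK>
"""

FAIL_RE = re.compile(r"(?P<comm>\S+): page allocation failure: order:(?P<order>\d+), "
                     r"mode:\w+\((?P<flags>[^)]*)\)")
MARKERS = ("mhi_prepare_channel", "ath11k_")  # symbols seen in the reported trace

def order_for(size, page_size=PAGE_SIZE):
    """Smallest buddy-allocator order whose block holds `size` bytes."""
    order = 0
    while (page_size << order) < size:
        order += 1
    return order

def find_failures(log_text):
    """Return one dict per allocation failure, flagged if its trace hits ath11k/MHI."""
    events, current = [], None
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            order = int(m.group("order"))
            current = {"comm": m.group("comm"), "order": order,
                       "bytes": PAGE_SIZE << order,
                       "flags": m.group("flags").split("|"), "ath11k_mhi": False}
            events.append(current)
        elif current is not None:
            if any(marker in line for marker in MARKERS):
                current["ath11k_mhi"] = True
            if "</TASK>" in line:
                current = None  # end of this event's call trace
    return events

if __name__ == "__main__":
    for ev in find_failures(SAMPLE_LOG):
        print(ev)
```

An order-4 event flagged `ath11k_mhi` matches the pre-patch 64KB default; `order_for(8 * 1024)` gives the order 1 that the patched buf_len requests.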

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.131Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe21fe

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 8:25:14 AM

Last updated: 7/29/2025, 2:50:34 AM

Views: 11
