
CVE-2024-40911: Vulnerability in the Linux kernel (wifi: cfg80211)

Severity: High
Published: Fri Jul 12 2024 (07/12/2024, 12:20:49 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: Lock wiphy in cfg80211_get_station

Wiphy should be locked before calling rdev_get_station() (see lockdep
assert in ieee80211_get_station()).

This fixes the following kernel NULL dereference:

  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050
  Mem abort info:
    ESR = 0x0000000096000006
    EC = 0x25: DABT (current EL), IL = 32 bits
    SET = 0, FnV = 0
    EA = 0, S1PTW = 0
    FSC = 0x06: level 2 translation fault
  Data abort info:
    ISV = 0, ISS = 0x00000006
    CM = 0, WnR = 0
  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000003001000
  [0000000000000050] pgd=0800000002dca003, p4d=0800000002dca003, pud=08000000028e9003, pmd=0000000000000000
  Internal error: Oops: 0000000096000006 [#1] SMP
  Modules linked in: netconsole dwc3_meson_g12a dwc3_of_simple dwc3 ip_gre gre ath10k_pci ath10k_core ath9k ath9k_common ath9k_hw ath
  CPU: 0 PID: 1091 Comm: kworker/u8:0 Not tainted 6.4.0-02144-g565f9a3a7911-dirty #705
  Hardware name: RPT (r1) (DT)
  Workqueue: bat_events batadv_v_elp_throughput_metric_update
  pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
  pc : ath10k_sta_statistics+0x10/0x2dc [ath10k_core]
  lr : sta_set_sinfo+0xcc/0xbd4
  sp : ffff000007b43ad0
  x29: ffff000007b43ad0 x28: ffff0000071fa900 x27: ffff00000294ca98
  x26: ffff000006830880 x25: ffff000006830880 x24: ffff00000294c000
  x23: 0000000000000001 x22: ffff000007b43c90 x21: ffff800008898acc
  x20: ffff00000294c6e8 x19: ffff000007b43c90 x18: 0000000000000000
  x17: 445946354d552d78 x16: 62661f7200000000 x15: 57464f445946354d
  x14: 0000000000000000 x13: 00000000000000e3 x12: d5f0acbcebea978e
  x11: 00000000000000e3 x10: 000000010048fe41 x9 : 0000000000000000
  x8 : ffff000007b43d90 x7 : 000000007a1e2125 x6 : 0000000000000000
  x5 : ffff0000024e0900 x4 : ffff800000a0250c x3 : ffff000007b43c90
  x2 : ffff00000294ca98 x1 : ffff000006831920 x0 : 0000000000000000
  Call trace:
   ath10k_sta_statistics+0x10/0x2dc [ath10k_core]
   sta_set_sinfo+0xcc/0xbd4
   ieee80211_get_station+0x2c/0x44
   cfg80211_get_station+0x80/0x154
   batadv_v_elp_get_throughput+0x138/0x1fc
   batadv_v_elp_throughput_metric_update+0x1c/0xa4
   process_one_work+0x1ec/0x414
   worker_thread+0x70/0x46c
   kthread+0xdc/0xe0
   ret_from_fork+0x10/0x20
  Code: a9bb7bfd 910003fd a90153f3 f9411c40 (f9402814)

This happens because STA has time to disconnect and reconnect before
batadv_v_elp_throughput_metric_update() delayed work gets scheduled. In
this situation, ath10k_sta_state() can be in the middle of resetting arsta
data when the work queue gets a chance to be scheduled and ends up
accessing it.

Locking wiphy prevents that.

AI-Powered Analysis

Last updated: 06/29/2025, 02:10:16 UTC

Technical Analysis

CVE-2024-40911 is a locking bug in the Linux kernel's cfg80211 subsystem, the generic Wi-Fi configuration layer that sits between in-kernel callers and the wireless drivers (usually via mac80211). cfg80211_get_station() is the in-kernel entry point for reading per-station statistics. It called rdev_get_station() without holding the wiphy (wireless physical device) lock, even though ieee80211_get_station(), the mac80211 implementation it dispatches to, carries a lockdep assertion that the wiphy lock is held. The consequence is a race between a kernel work item reading station statistics and the driver tearing down or re-initialising that station's private data. The reported trigger is batman-adv's B.A.T.M.A.N. V ELP throughput metric: batadv_v_elp_throughput_metric_update() is a delayed work item on the bat_events workqueue that calls cfg80211_get_station() for a mesh neighbour. If that neighbour's STA disconnects and reconnects before the delayed work runs, ath10k_sta_state() can be in the middle of resetting the per-station driver data (arsta) when the work item executes, and ath10k_sta_statistics() then follows a pointer that the concurrent reset has left NULL. The oops in the description shows exactly that: the faulting instruction f9402814 decodes to ldr x20, [x0, #0x50] with x0 = 0, hence the read at virtual address 0x50, reached via sta_set_sinfo() <- ieee80211_get_station() <- cfg80211_get_station() <- batadv_v_elp_get_throughput(). It is a NULL read, not a use-after-free, and the outcome is a kernel oops in a kworker thread rather than code execution. The fix wraps the rdev_get_station() call in cfg80211_get_station() with wiphy_lock()/wiphy_unlock(), so the station lookup and the driver callback are serialised against the station-state transitions that mac80211 performs under that lock (which is what the lockdep assertion in ieee80211_get_station() documents). The missing lock is in generic cfg80211 code; the report came from an ath10k device (Qualcomm Atheros 802.11ac chipsets such as QCA988x, QCA6174 and QCA9377), but nothing about the bug is ath10k-specific. Affected kernels are those whose cfg80211_get_station() lacks the lock. No exploits in the wild were reported at publication and no CVSS score has been assigned.
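The race and the effect of the lock, as an added userspace model (this is example code, not the kernel's and not from the advisory): a pthread mutex stands in for wiphy_lock(), a single pointer for mac80211's station lookup, and one pointer for the ath10k per-station data that the driver resets on disconnect. All *_model names, the thread layout and the error codes are this example's own framing; the two threads play the batman-adv delayed work and a station bouncing between disconnect and reconnect.

```c
/* Added example (userspace model, not kernel code) of the race fixed by
 * CVE-2024-40911. wiphy lock -> pthread mutex; station lookup -> one pointer;
 * ath10k per-station data (arsta) -> one pointer cleared on disconnect.
 * All *_model names are this example's, not kernel symbols. */
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>

struct arvif_model { unsigned long tx_bytes; };
struct sta_model   { _Atomic(struct arvif_model *) arvif; };  /* ath10k_sta stand-in */

struct wiphy_model {
    pthread_mutex_t mtx;                  /* wiphy_lock() / wiphy_unlock() */
    _Atomic(struct sta_model *) sta;      /* station lookup result; NULL = not found */
    struct sta_model   storage;
    struct arvif_model vif;
};

static void wiphy_model_init(struct wiphy_model *w)
{
    pthread_mutex_init(&w->mtx, NULL);
    w->vif.tx_bytes = 4096;
    atomic_store(&w->storage.arvif, &w->vif);
    atomic_store(&w->sta, &w->storage);
}

/* ath10k_sta_state() analogue, run under the wiphy lock as mac80211 does.
 * The dangerous intermediate state is "STA still findable, arvif == NULL". */
static void sta_disconnect(struct wiphy_model *w)
{
    pthread_mutex_lock(&w->mtx);
    atomic_store(&w->storage.arvif, NULL);    /* driver resets its per-STA data... */
    atomic_store(&w->sta, NULL);              /* ...then the STA leaves the list */
    pthread_mutex_unlock(&w->mtx);
}

static void sta_reconnect(struct wiphy_model *w)
{
    pthread_mutex_lock(&w->mtx);
    atomic_store(&w->sta, &w->storage);       /* STA findable again... */
    atomic_store(&w->storage.arvif, &w->vif); /* ...before driver data is restored */
    pthread_mutex_unlock(&w->mtx);
}

/* cfg80211_get_station() analogue. locked == 0 is the pre-fix path;
 * locked == 1 is the fix: lookup and driver callback under the wiphy lock. */
static int get_station_model(struct wiphy_model *w, int locked, unsigned long *tx)
{
    int ret;
    if (locked) pthread_mutex_lock(&w->mtx);
    struct sta_model *s = atomic_load(&w->sta);         /* ieee80211_get_station() */
    if (!s) {
        ret = -ENOENT;                                   /* not found: harmless */
    } else {
        struct arvif_model *v = atomic_load(&s->arvif);  /* ath10k_sta_statistics() */
        if (!v)
            ret = -EFAULT;  /* the kernel dereferences here: the oops at address 0x50 */
        else { *tx = v->tx_bytes; ret = 0; }
    }
    if (locked) pthread_mutex_unlock(&w->mtx);
    return ret;
}

/* Deterministic view of the window: driver halfway through teardown while
 * the pre-fix get_station runs. Returns -EFAULT. */
int window_demo_unlocked(void)
{
    struct wiphy_model w; unsigned long tx;
    wiphy_model_init(&w);
    atomic_store(&w.storage.arvif, NULL);     /* first store of sta_disconnect() */
    return get_station_model(&w, 0, &tx);
}

struct run_args { struct wiphy_model *w; int locked; long iters; long faults; };

static void *driver_thread(void *arg)         /* STA bouncing: disconnect/reconnect */
{
    struct run_args *a = arg;
    for (long i = 0; i < a->iters; i++) { sta_disconnect(a->w); sta_reconnect(a->w); }
    return NULL;
}

static void *elp_work_thread(void *arg)       /* batadv_v_elp_throughput_metric_update() */
{
    struct run_args *a = arg;
    unsigned long tx;
    for (long i = 0; i < a->iters; i++)
        if (get_station_model(a->w, a->locked, &tx) == -EFAULT) a->faults++;
    return NULL;
}

/* Runs both threads; returns how often the reader saw reset driver data.
 * With locked == 1 this is always 0. */
long run_model(int locked, long iters)
{
    struct wiphy_model w; wiphy_model_init(&w);
    struct run_args a = { &w, locked, iters, 0 };
    pthread_t drv, work;
    pthread_create(&drv, NULL, driver_thread, &a);
    pthread_create(&work, NULL, elp_work_thread, &a);
    pthread_join(drv, NULL); pthread_join(work, NULL);
    pthread_mutex_destroy(&w.mtx);
    return a.faults;
}
```

Build with cc -pthread and call run_model(0, N) and run_model(1, N). The unlocked run may report a non-zero fault count (timing-dependent, exactly as in the report, where the window only opens when a station bounces before the delayed work runs); the locked run never does, because the lookup and the driver read become atomic with respect to sta_disconnect()/sta_reconnect(), which is what wrapping rdev_get_station() in wiphy_lock()/wiphy_unlock() achieves in the real code.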

Potential Impact

The realistic exposure is nodes that run batman-adv with the B.A.T.M.A.N. V routing algorithm over a Wi-Fi interface, since its ELP throughput metric is the caller in the reported trace: mesh routers, community and campus mesh deployments, and embedded or IoT platforms built on kernels with batman-adv enabled, rather than general-purpose servers. Other in-kernel callers of cfg80211_get_station() would inherit the same missing lock, but none appears in the report. The consequence is denial of service: an oops in a kernel worker thread, after which the node either continues in a degraded state (the default) or reboots (with panic_on_oops and a panic timeout or hardware watchdog). The window is opened by a neighbouring station disconnecting and reconnecting before the delayed work runs, so a peer that can associate with the node can influence the timing by cycling its link; it remains a race rather than a deterministic trigger. The fault is a NULL read, and nothing in the report suggests privilege escalation or code execution. For European operators this matters most where Linux wireless mesh equipment carries operational traffic (telecommunications, manufacturing sites, critical infrastructure with wireless backhaul). The absence of known exploits lowers the immediate urgency, but recovery of a crashed remote mesh node may need a reboot or a site visit, which is reason enough to schedule the update.

Mitigation Recommendations

Update to a kernel that carries the fix. Distribution kernels backport it, so check the distribution's changelog or security tracker for CVE-2024-40911 rather than comparing upstream version strings. The check in source is simple: in the cfg80211 code under net/wireless/, cfg80211_get_station() should take wiphy_lock() before rdev_get_station() and release it afterwards. For embedded and IoT devices (OpenWrt-class mesh routers are the typical batman-adv host), obtain vendor firmware with the fix or rebuild with the patched kernel. Where a kernel update is not yet possible, note what the report actually shows: the caller is batman-adv's B.A.T.M.A.N. V ELP throughput metric, so nodes that do not run batman-adv over a wireless interface do not execute that path, while nodes that do are exposed until patched. Disabling the ath10k driver would only remove the hardware seen in this report, not the bug, which lives in cfg80211. Monitor kernel logs (dmesg, journalctl -k, or a netconsole sink as in the report) for "Unable to handle kernel NULL pointer dereference" followed by a call trace through cfg80211_get_station() and batadv_v_elp_*; on an unpatched node such an oops is this bug until proven otherwise. Decide deliberately how a node should behave after an oops: kernel.panic_on_oops=1 together with a kernel.panic timeout or a hardware watchdog turns a silently degraded node into one that reboots and rejoins the mesh. Segmenting mesh segments from critical systems limits the blast radius of a crashed relay. Keep an inventory of kernel versions and wireless drivers on mesh nodes so that the unpatched population is known.
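A detector for the log signature described above, as an added example (it is not from the advisory or the kernel): it walks arm64 oops text line by line, pulls out the faulting symbol and the work function, and flags the combination that identifies this bug. Feed it the output of dmesg or journalctl -k; the SAMPLE_* buffers are constructed for the example, the oops one from the trace quoted in the description and the benign one from ordinary association messages.

```c
/* Added example, not from the advisory or the kernel: parser for arm64 oops
 * text that flags the CVE-2024-40911 signature. SAMPLE_* are constructed. */
#include <ctype.h>
#include <string.h>

struct oops_info {
    int  null_deref;        /* "Unable to handle kernel NULL pointer dereference" seen */
    char pc_sym[64];        /* symbol on the "pc :" line, e.g. ath10k_sta_statistics */
    char workqueue_fn[64];  /* work function on the "Workqueue:" line */
    int  frame_cfg80211;    /* cfg80211_get_station frame in the call trace */
    int  frame_batadv_elp;  /* batadv_v_elp_* frame in the call trace */
};

/* Copy one token from src into dst, stopping at whitespace or any char in stop. */
static void copy_token(char *dst, size_t n, const char *src, const char *stop)
{
    size_t i = 0;
    while (i + 1 < n && src[i] && !isspace((unsigned char)src[i]) &&
           !strchr(stop, src[i])) {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
}

/* Walks the log line by line. Returns 1 if an oops header was seen, else 0. */
int parse_oops(const char *log, struct oops_info *oi)
{
    memset(oi, 0, sizeof(*oi));
    const char *line = log;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[512];                                  /* bounded copy of one line */
        size_t n = len < sizeof buf - 1 ? len : sizeof buf - 1;
        memcpy(buf, line, n);
        buf[n] = '\0';
        const char *p = buf;
        while (isspace((unsigned char)*p)) p++;

        if (strncmp(p, "Unable to handle kernel NULL pointer dereference", 48) == 0)
            oi->null_deref = 1;
        else if (strncmp(p, "pc : ", 5) == 0)
            copy_token(oi->pc_sym, sizeof oi->pc_sym, p + 5, "+");
        else if (strncmp(p, "Workqueue: ", 11) == 0) {
            const char *fn = p + 11;
            while (*fn && !isspace((unsigned char)*fn)) fn++;  /* skip queue name */
            while (isspace((unsigned char)*fn)) fn++;
            copy_token(oi->workqueue_fn, sizeof oi->workqueue_fn, fn, "+");
        } else if (strstr(p, "cfg80211_get_station+"))
            oi->frame_cfg80211 = 1;
        else if (strstr(p, "batadv_v_elp_"))
            oi->frame_batadv_elp = 1;

        line = nl ? nl + 1 : line + len;
    }
    return oi->null_deref;
}

/* The CVE's signature: NULL dereference reached through cfg80211_get_station()
 * from batman-adv's ELP metric work. pc/lr offsets vary per build, so they
 * are reported but not required. */
int matches_cve_2024_40911(const struct oops_info *oi)
{
    return oi->null_deref && oi->frame_cfg80211 && oi->frame_batadv_elp;
}

/* Constructed sample: the relevant lines of the trace quoted in the advisory. */
static const char SAMPLE_OOPS[] =
    "Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n"
    "Workqueue: bat_events batadv_v_elp_throughput_metric_update\n"
    "pc : ath10k_sta_statistics+0x10/0x2dc [ath10k_core]\n"
    "Call trace:\n"
    " ath10k_sta_statistics+0x10/0x2dc [ath10k_core]\n"
    " sta_set_sinfo+0xcc/0xbd4\n"
    " ieee80211_get_station+0x2c/0x44\n"
    " cfg80211_get_station+0x80/0x154\n"
    " batadv_v_elp_get_throughput+0x138/0x1fc\n"
    " batadv_v_elp_throughput_metric_update+0x1c/0xa4\n";

/* Constructed benign log: association messages, no oops. */
static const char SAMPLE_BENIGN[] =
    "wlan0: authenticated\n"
    "wlan0: associated\n"
    "batman_adv: bat0: Adding interface: wlan0\n";

int sample_oops_matches(void)
{
    struct oops_info oi;
    parse_oops(SAMPLE_OOPS, &oi);
    return matches_cve_2024_40911(&oi);
}

int sample_symbols_extracted(void)
{
    struct oops_info oi;
    parse_oops(SAMPLE_OOPS, &oi);
    return strcmp(oi.pc_sym, "ath10k_sta_statistics") == 0 &&
           strcmp(oi.workqueue_fn, "batadv_v_elp_throughput_metric_update") == 0;
}

int sample_benign_matches(void)
{
    struct oops_info oi;
    return parse_oops(SAMPLE_BENIGN, &oi) || matches_cve_2024_40911(&oi);
}
```

Matching on the call-trace symbols rather than on the pc/lr offsets keeps the rule valid across kernel builds; the extracted pc_sym and workqueue_fn are what to put in the alert so an analyst can tell this oops from an unrelated NULL dereference in the same driver.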


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-12T12:17:45.580Z
CISA Enriched: true
CVSS Version: null (no CVSS score assigned)
State: PUBLISHED

Threat ID: 682d9827c4522896dcbe138d

Added to database: 5/21/2025, 9:08:55 AM

Last enriched: 6/29/2025, 2:10:16 AM

Last updated: 8/10/2025, 3:54:41 PM

