CVE-2024-46827 is a vulnerability identified in the Linux kernel's ath12k wireless driver, which handles Qualcomm Atheros Wi-Fi chipsets. The flaw arises when an access point receives an association request containing an Extended High-Efficiency (HE) Capabilities Information Element with an invalid Modulation and Coding Scheme - Number of Spatial Streams (MCS-NSS) value. Specifically, if the Extremely High Throughput (EHT) PHY capabilities advertise support for a certain bandwidth but the corresponding MCS-NSS set for that bandwidth is zero-filled, the driver interprets the peer_nss value as zero. Passing this zero value to the firmware causes it to crash, resulting in a denial of service condition. The root cause is the lack of validation on the peer_nss parameter before forwarding it to the firmware. The fix involves adding a validation step that rejects association requests with invalid peer_nss values, thereby preventing firmware crashes. This vulnerability was tested on Qualcomm QCN9274 hardware version 2.0 with PCI WLAN firmware version WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1. No known exploits are currently reported in the wild. The issue impacts Linux kernel versions containing the affected driver code prior to the patch. Since the vulnerability can be triggered remotely by sending crafted association requests, it poses a risk to wireless access points running vulnerable Linux kernels with affected Qualcomm chipsets.

For European organizations, this vulnerability could lead to denial of service (DoS) conditions on wireless access points using affected Linux kernels with Qualcomm ath12k drivers. This could disrupt network availability, impacting business operations, especially in environments heavily reliant on Wi-Fi connectivity such as offices, manufacturing plants, or public service locations. The flaw could be exploited by an attacker within wireless range by sending malformed association requests, causing firmware crashes and potentially forcing reboots or loss of wireless connectivity. While the vulnerability does not appear to allow code execution or data compromise, the availability impact could be significant in critical infrastructure or enterprise environments. Organizations with large-scale deployments of Linux-based wireless access points or routers using Qualcomm chipsets are at higher risk. The lack of known exploits reduces immediate risk, but the ease of triggering the crash remotely without authentication means the threat should be taken seriously. Additionally, disruption to wireless networks could indirectly affect confidentiality and integrity by forcing fallback to less secure or alternative communication channels.

European organizations should promptly apply the Linux kernel patches that include the validation fix for the ath12k driver to prevent invalid peer_nss values from reaching the firmware. Network administrators should audit their wireless infrastructure to identify devices running vulnerable Linux kernels with Qualcomm ath12k drivers, particularly those using QCN9274 or similar chipsets. Where patching is not immediately feasible, organizations can implement wireless network segmentation to isolate critical systems from potentially untrusted wireless clients. Monitoring wireless association requests for anomalies or malformed Extended HE Capabilities elements could help detect attempted exploitation. Additionally, organizations should ensure firmware on affected devices is updated to the latest versions provided by vendors. Employing wireless intrusion detection/prevention systems (WIDS/WIPS) to detect and block suspicious association attempts can reduce risk. Finally, maintaining robust incident response plans for wireless network outages will minimize operational impact if exploitation occurs.