CVE-2024-47713: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags) ... ieee80211_free_txskb() ieee80211_report_used_skb() ieee80211_report_ack_skb() cfg80211_mgmt_tx_status_ext() nl80211_frame_tx_status() genlmsg_multicast_netns() genlmsg_multicast_netns_filtered() nlmsg_multicast_filtered() netlink_broadcast_filtered() do_one_broadcast() netlink_broadcast_deliver() __netlink_sendskb() netlink_deliver_tap() __netlink_deliver_tap_skb() dev_queue_xmit() __dev_queue_xmit() ; with IRQS disabled ... spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags) issues the warning (as reported by syzbot reproducer): WARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120 Fix this by implementing a two-phase skb reclamation in 'ieee80211_do_stop()', where actual work is performed outside of a section with interrupts disabled.
AI Analysis
Technical Summary
CVE-2024-47713 is a vulnerability identified in the Linux kernel's wireless networking subsystem, specifically within the mac80211 component responsible for Wi-Fi management. The issue arises from improper handling of socket buffer (skb) reclamation during the ieee80211_do_stop() function execution. The vulnerability stems from calling the __dev_queue_xmit() function with interrupts disabled, which violates kernel expectations that this function should be invoked with interrupts enabled. This improper usage leads to a warning triggered by the kernel's softirq subsystem, indicating potential instability or deadlock risks. The root cause is that skb reclamation work is performed while interrupts are disabled, which can cause kernel warnings and potentially impact system stability or network packet processing. The fix implemented involves a two-phase skb reclamation approach where the actual reclamation work is deferred and executed outside the critical section where interrupts are disabled, ensuring compliance with kernel interrupt handling protocols. This correction prevents the kernel warning and mitigates risks associated with interrupt-disabled execution contexts in network transmission paths. Although no known exploits are reported in the wild, the vulnerability affects Linux kernel versions identified by the commit hash 5061b0c2b9066de426fbc63f1278d2210e789412 and potentially other versions containing the same flawed code. The vulnerability is technical and low-level, impacting kernel stability and network driver behavior rather than directly enabling remote code execution or privilege escalation.
Potential Impact
For European organizations, the impact of CVE-2024-47713 primarily concerns system stability and reliability of Linux-based Wi-Fi networking components. Many European enterprises, government agencies, and critical infrastructure operators rely on Linux servers, embedded devices, and network equipment that use the mac80211 wireless stack. Instability or kernel warnings caused by this vulnerability could lead to degraded network performance, unexpected reboots, or denial of service conditions in wireless communications. This is particularly relevant for organizations utilizing Linux in wireless access points, IoT devices, or edge computing nodes where Wi-Fi connectivity is critical. While the vulnerability does not currently have known exploits for privilege escalation or data breaches, the risk of system instability could disrupt business operations, especially in sectors dependent on continuous wireless connectivity such as telecommunications, manufacturing automation, and public safety networks. Additionally, the presence of kernel warnings may complicate troubleshooting and incident response efforts. The vulnerability's indirect impact on availability and operational continuity makes it a concern for European organizations with large-scale Linux deployments in wireless environments.
Mitigation Recommendations
To mitigate CVE-2024-47713, European organizations should prioritize updating their Linux kernel to the patched versions that implement the two-phase skb reclamation fix. This involves applying vendor-supplied kernel updates or backported patches that address the interrupt handling flaw in ieee80211_do_stop(). Organizations should audit their Linux systems to identify those running affected kernel versions, especially on devices handling Wi-Fi traffic. For embedded or specialized devices where kernel updates are delayed or unavailable, consider isolating or limiting wireless network usage to reduce exposure. Monitoring kernel logs for warnings related to __local_bh_enable_ip and ieee80211_do_stop() can help detect unpatched systems experiencing this issue. Network administrators should also validate that interrupt handling and skb processing in wireless drivers conform to best practices, potentially engaging with Linux distribution maintainers or vendors for support. Implementing robust kernel update policies and testing patches in staging environments before production deployment will minimize operational disruptions. Finally, maintaining comprehensive backups and incident response plans ensures readiness in case instability leads to service interruptions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2024-47713: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags) ... ieee80211_free_txskb() ieee80211_report_used_skb() ieee80211_report_ack_skb() cfg80211_mgmt_tx_status_ext() nl80211_frame_tx_status() genlmsg_multicast_netns() genlmsg_multicast_netns_filtered() nlmsg_multicast_filtered() netlink_broadcast_filtered() do_one_broadcast() netlink_broadcast_deliver() __netlink_sendskb() netlink_deliver_tap() __netlink_deliver_tap_skb() dev_queue_xmit() __dev_queue_xmit() ; with IRQS disabled ... spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags) issues the warning (as reported by syzbot reproducer): WARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120 Fix this by implementing a two-phase skb reclamation in 'ieee80211_do_stop()', where actual work is performed outside of a section with interrupts disabled.
AI-Powered Analysis
Technical Analysis
CVE-2024-47713 is a vulnerability identified in the Linux kernel's wireless networking subsystem, specifically within the mac80211 component responsible for Wi-Fi management. The issue arises from improper handling of socket buffer (skb) reclamation during the ieee80211_do_stop() function execution. The vulnerability stems from calling the __dev_queue_xmit() function with interrupts disabled, which violates kernel expectations that this function should be invoked with interrupts enabled. This improper usage leads to a warning triggered by the kernel's softirq subsystem, indicating potential instability or deadlock risks. The root cause is that skb reclamation work is performed while interrupts are disabled, which can cause kernel warnings and potentially impact system stability or network packet processing. The fix implemented involves a two-phase skb reclamation approach where the actual reclamation work is deferred and executed outside the critical section where interrupts are disabled, ensuring compliance with kernel interrupt handling protocols. This correction prevents the kernel warning and mitigates risks associated with interrupt-disabled execution contexts in network transmission paths. Although no known exploits are reported in the wild, the vulnerability affects Linux kernel versions identified by the commit hash 5061b0c2b9066de426fbc63f1278d2210e789412 and potentially other versions containing the same flawed code. The vulnerability is technical and low-level, impacting kernel stability and network driver behavior rather than directly enabling remote code execution or privilege escalation.
Potential Impact
For European organizations, the impact of CVE-2024-47713 primarily concerns system stability and reliability of Linux-based Wi-Fi networking components. Many European enterprises, government agencies, and critical infrastructure operators rely on Linux servers, embedded devices, and network equipment that use the mac80211 wireless stack. Instability or kernel warnings caused by this vulnerability could lead to degraded network performance, unexpected reboots, or denial of service conditions in wireless communications. This is particularly relevant for organizations utilizing Linux in wireless access points, IoT devices, or edge computing nodes where Wi-Fi connectivity is critical. While the vulnerability does not currently have known exploits for privilege escalation or data breaches, the risk of system instability could disrupt business operations, especially in sectors dependent on continuous wireless connectivity such as telecommunications, manufacturing automation, and public safety networks. Additionally, the presence of kernel warnings may complicate troubleshooting and incident response efforts. The vulnerability's indirect impact on availability and operational continuity makes it a concern for European organizations with large-scale Linux deployments in wireless environments.
Mitigation Recommendations
To mitigate CVE-2024-47713, European organizations should prioritize updating their Linux kernel to the patched versions that implement the two-phase skb reclamation fix. This involves applying vendor-supplied kernel updates or backported patches that address the interrupt handling flaw in ieee80211_do_stop(). Organizations should audit their Linux systems to identify those running affected kernel versions, especially on devices handling Wi-Fi traffic. For embedded or specialized devices where kernel updates are delayed or unavailable, consider isolating or limiting wireless network usage to reduce exposure. Monitoring kernel logs for warnings related to __local_bh_enable_ip and ieee80211_do_stop() can help detect unpatched systems experiencing this issue. Network administrators should also validate that interrupt handling and skb processing in wireless drivers conform to best practices, potentially engaging with Linux distribution maintainers or vendors for support. Implementing robust kernel update policies and testing patches in staging environments before production deployment will minimize operational disruptions. Finally, maintaining comprehensive backups and incident response plans ensures readiness in case instability leads to service interruptions.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-09-30T16:00:12.948Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9825c4522896dcbe0598
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 7:55:17 PM
Last updated: 8/5/2025, 6:38:55 AM
Views: 13
Related Threats
CVE-2025-43733: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal
LowCVE-2025-43731: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal
MediumCVE-2025-7693: CWE-20: Improper Input Validation in Rockwell Automation PLC - Micro850 L50E
CriticalCVE-2025-55293: CWE-287: Improper Authentication in meshtastic firmware
CriticalCVE-2025-55300: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in komari-monitor komari
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.