CVE-2024-47721 is a vulnerability identified in the Linux kernel's Wi-Fi driver component, specifically within the Realtek rtw89 driver. The issue arises from an out-of-bounds read caused by the handling of a firmware Command-to-Host (C2H) event identified as RTW89_MAC_C2H_FUNC_READ_WOW_CAM. This event ID is unused and lacks an implemented handler, but the driver erroneously expects a number of handlers equal to NUM_OF_RTW89_MAC_C2H_FUNC_WOW. This mismatch leads to an out-of-bounds memory access when the driver attempts to process this event. The root cause is that the driver includes this event ID in its handler count without providing a corresponding handler function, resulting in the driver reading memory beyond the allocated bounds. The vulnerability was discovered through static analysis (Coverity ID 1598775) and has been addressed by removing the unused event ID from the driver code, thereby preventing the out-of-bounds read. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects versions of the Linux kernel containing the specified commit hash ff53fce5c78ba27ec7eb0baff7ef9648fde7ad8e, indicating a specific code state rather than a broad version range. Since this is a kernel-level vulnerability in a widely used Wi-Fi driver, it has potential implications for systems running Linux with Realtek rtw89 Wi-Fi hardware support.

For European organizations, this vulnerability could lead to potential information disclosure or system instability due to out-of-bounds memory reads in the kernel space. Although no direct remote code execution or privilege escalation is indicated, out-of-bounds reads can sometimes be leveraged to leak sensitive kernel memory, which could aid attackers in crafting further exploits. Systems using Linux with Realtek rtw89 Wi-Fi drivers—common in many laptops, desktops, and embedded devices—may be susceptible. This could impact sectors relying heavily on Linux infrastructure, such as telecommunications, finance, research institutions, and government agencies. The vulnerability might also affect IoT devices or industrial control systems running Linux with this driver, potentially disrupting critical services. Given the kernel-level nature, exploitation could compromise system stability or confidentiality, impacting availability and trustworthiness of affected systems. However, the absence of known exploits and the requirement for specific hardware reduce immediate risk, but organizations should remain vigilant and apply patches promptly.

European organizations should prioritize updating their Linux kernel to versions that include the fix removing the unused RTW89_MAC_C2H_FUNC_READ_WOW_CAM event ID from the rtw89 driver. Since this vulnerability is in the kernel driver, kernel updates distributed by Linux distributions (e.g., Debian, Ubuntu, Red Hat, SUSE) should be applied as soon as patches are available. For environments where immediate kernel updates are challenging, organizations should audit systems to identify those using Realtek rtw89 Wi-Fi hardware and consider disabling the affected Wi-Fi interface temporarily if feasible. Additionally, monitoring kernel logs for unusual C2H event activity or driver errors may help detect exploitation attempts. Network segmentation and strict access controls can limit exposure of vulnerable devices. Security teams should also maintain up-to-date intrusion detection signatures and monitor threat intelligence feeds for any emerging exploit attempts targeting this vulnerability. Finally, organizations should engage with their Linux distribution vendors to confirm patch availability and deployment timelines.