CVE-2024-47724: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: use work queue to process beacon tx event Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template") from Feb 28, 2024 (linux-next), leads to the following Smatch static checker warning: drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie() warn: sleeping in atomic context The reason is that ath11k_bcn_tx_status_event() will directly call might sleep function ath11k_wmi_cmd_send() during RCU read-side critical sections. The call trace is like: ath11k_bcn_tx_status_event() -> rcu_read_lock() -> ath11k_mac_bcn_tx_event() -> ath11k_mac_setup_bcn_tmpl() …… -> ath11k_wmi_bcn_tmpl() -> ath11k_wmi_cmd_send() -> rcu_read_unlock() Commit 886433a98425 ("ath11k: add support for BSS color change") added the ath11k_mac_bcn_tx_event(), commit 01e782c89108 ("ath11k: fix warning of RCU usage for ath11k_mac_get_arvif_by_vdev_id()") added the RCU lock to avoid warning but also introduced this BUG. Use work queue to avoid directly calling ath11k_mac_bcn_tx_event() during RCU critical sections. No need to worry about the deletion of vif because cancel_work_sync() will drop the work if it doesn't start or block vif deletion until the running work is done. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30
AI Analysis
Technical Summary
CVE-2024-47724 is a vulnerability identified in the Linux kernel's wireless driver subsystem, specifically within the ath11k driver which supports Qualcomm Atheros Wi-Fi 6 chipsets. The issue arises from improper handling of beacon transmission status events in the ath11k driver code. The vulnerability is rooted in the function ath11k_bcn_tx_status_event(), which executes within an RCU (Read-Copy-Update) read-side critical section. During this critical section, it directly calls ath11k_wmi_cmd_send(), a function that may sleep. Sleeping in atomic or RCU read-side critical contexts is unsafe and can lead to kernel instability or crashes (BUGs). This improper usage was introduced by a series of commits aimed at adding support for P2P IE in beacon templates and BSS color change features, which inadvertently caused the driver to call potentially sleeping functions in atomic contexts. The fix involves deferring the execution of ath11k_mac_bcn_tx_event() to a work queue, which allows the potentially sleeping function to run outside of the atomic context, thus preventing kernel BUGs and improving driver stability. The patch ensures that work cancellation synchronizes properly with vif (virtual interface) deletion, preventing race conditions or use-after-free scenarios. This vulnerability does not appear to have known exploits in the wild and affects specific Linux kernel versions containing the problematic commits. It has been tested on Qualcomm WCN6855 hardware. No CVSS score has been assigned yet, but the issue is a kernel-level bug that can cause system crashes or instability due to improper synchronization and atomic context violations in wireless driver code.
Potential Impact
For European organizations, this vulnerability primarily impacts systems running Linux kernels with the affected ath11k driver versions, especially those using Qualcomm Atheros Wi-Fi 6 chipsets. The potential impact includes kernel crashes or system instability, which can lead to denial of service (DoS) conditions on affected devices. This is particularly critical for infrastructure relying on stable wireless connectivity, such as enterprise Wi-Fi access points, embedded systems, IoT devices, and network appliances. Organizations in sectors like telecommunications, manufacturing, healthcare, and critical infrastructure that deploy Linux-based wireless devices may experience service disruptions. Although this vulnerability does not directly lead to privilege escalation or remote code execution, the resulting instability could be exploited indirectly by attackers to cause outages or degrade network reliability. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the bug. Given the widespread use of Linux in European IT environments and the increasing deployment of Wi-Fi 6 hardware, the vulnerability could affect a broad range of devices if not remediated promptly.
Mitigation Recommendations
European organizations should take the following specific mitigation steps: 1) Identify all Linux systems using the ath11k driver with Qualcomm Atheros Wi-Fi 6 chipsets, especially those running kernel versions containing the problematic commits (e.g., around commit 3a415daa3e8b). 2) Apply the official Linux kernel patches that defer beacon transmission event processing to work queues, as described in the fix for CVE-2024-47724. If using vendor-specific kernels or distributions, monitor for vendor advisories and apply updates promptly. 3) For embedded or IoT devices where kernel updates are challenging, consider isolating affected devices from critical network segments or limiting their exposure until patches can be applied. 4) Monitor system logs for kernel BUG messages or crashes related to ath11k wireless events, which may indicate attempts to trigger the vulnerability. 5) Implement robust change management and testing procedures to validate kernel updates in controlled environments before wide deployment. 6) Engage with hardware and software vendors to confirm support and timelines for patches if using third-party Linux distributions or custom kernels. These targeted actions go beyond generic advice by focusing on the specific driver, hardware, and kernel versions involved.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2024-47724: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: use work queue to process beacon tx event Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template") from Feb 28, 2024 (linux-next), leads to the following Smatch static checker warning: drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie() warn: sleeping in atomic context The reason is that ath11k_bcn_tx_status_event() will directly call might sleep function ath11k_wmi_cmd_send() during RCU read-side critical sections. The call trace is like: ath11k_bcn_tx_status_event() -> rcu_read_lock() -> ath11k_mac_bcn_tx_event() -> ath11k_mac_setup_bcn_tmpl() …… -> ath11k_wmi_bcn_tmpl() -> ath11k_wmi_cmd_send() -> rcu_read_unlock() Commit 886433a98425 ("ath11k: add support for BSS color change") added the ath11k_mac_bcn_tx_event(), commit 01e782c89108 ("ath11k: fix warning of RCU usage for ath11k_mac_get_arvif_by_vdev_id()") added the RCU lock to avoid warning but also introduced this BUG. Use work queue to avoid directly calling ath11k_mac_bcn_tx_event() during RCU critical sections. No need to worry about the deletion of vif because cancel_work_sync() will drop the work if it doesn't start or block vif deletion until the running work is done. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30
AI-Powered Analysis
Technical Analysis
CVE-2024-47724 is a vulnerability identified in the Linux kernel's wireless driver subsystem, specifically within the ath11k driver which supports Qualcomm Atheros Wi-Fi 6 chipsets. The issue arises from improper handling of beacon transmission status events in the ath11k driver code. The vulnerability is rooted in the function ath11k_bcn_tx_status_event(), which executes within an RCU (Read-Copy-Update) read-side critical section. During this critical section, it directly calls ath11k_wmi_cmd_send(), a function that may sleep. Sleeping in atomic or RCU read-side critical contexts is unsafe and can lead to kernel instability or crashes (BUGs). This improper usage was introduced by a series of commits aimed at adding support for P2P IE in beacon templates and BSS color change features, which inadvertently caused the driver to call potentially sleeping functions in atomic contexts. The fix involves deferring the execution of ath11k_mac_bcn_tx_event() to a work queue, which allows the potentially sleeping function to run outside of the atomic context, thus preventing kernel BUGs and improving driver stability. The patch ensures that work cancellation synchronizes properly with vif (virtual interface) deletion, preventing race conditions or use-after-free scenarios. This vulnerability does not appear to have known exploits in the wild and affects specific Linux kernel versions containing the problematic commits. It has been tested on Qualcomm WCN6855 hardware. No CVSS score has been assigned yet, but the issue is a kernel-level bug that can cause system crashes or instability due to improper synchronization and atomic context violations in wireless driver code.
Potential Impact
For European organizations, this vulnerability primarily impacts systems running Linux kernels with the affected ath11k driver versions, especially those using Qualcomm Atheros Wi-Fi 6 chipsets. The potential impact includes kernel crashes or system instability, which can lead to denial of service (DoS) conditions on affected devices. This is particularly critical for infrastructure relying on stable wireless connectivity, such as enterprise Wi-Fi access points, embedded systems, IoT devices, and network appliances. Organizations in sectors like telecommunications, manufacturing, healthcare, and critical infrastructure that deploy Linux-based wireless devices may experience service disruptions. Although this vulnerability does not directly lead to privilege escalation or remote code execution, the resulting instability could be exploited indirectly by attackers to cause outages or degrade network reliability. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the bug. Given the widespread use of Linux in European IT environments and the increasing deployment of Wi-Fi 6 hardware, the vulnerability could affect a broad range of devices if not remediated promptly.
Mitigation Recommendations
European organizations should take the following specific mitigation steps: 1) Identify all Linux systems using the ath11k driver with Qualcomm Atheros Wi-Fi 6 chipsets, especially those running kernel versions containing the problematic commits (e.g., around commit 3a415daa3e8b). 2) Apply the official Linux kernel patches that defer beacon transmission event processing to work queues, as described in the fix for CVE-2024-47724. If using vendor-specific kernels or distributions, monitor for vendor advisories and apply updates promptly. 3) For embedded or IoT devices where kernel updates are challenging, consider isolating affected devices from critical network segments or limiting their exposure until patches can be applied. 4) Monitor system logs for kernel BUG messages or crashes related to ath11k wireless events, which may indicate attempts to trigger the vulnerability. 5) Implement robust change management and testing procedures to validate kernel updates in controlled environments before wide deployment. 6) Engage with hardware and software vendors to confirm support and timelines for patches if using third-party Linux distributions or custom kernels. These targeted actions go beyond generic advice by focusing on the specific driver, hardware, and kernel versions involved.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-09-30T16:00:12.956Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9825c4522896dcbe05de
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 8:09:46 PM
Last updated: 8/4/2025, 2:15:04 AM
Views: 14
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.