CVE-2024-49930: Vulnerability in Linux (Linux kernel)
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: fix array out-of-bound access in SoC stats

Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() function accesses ath11k_soc_dp_stats::hal_reo_error using the REO destination SRNG ring ID, which is incorrect. SRNG ring IDs differ from normal ring IDs, and this usage leads to out-of-bounds array access. To fix this issue, modify ath11k_dp_process_rx() to use the normal ring ID directly instead of the SRNG ring ID to avoid out-of-bounds array access.

Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
AI Analysis
Technical Summary
CVE-2024-49930 is a vulnerability in the Linux kernel's ath11k wireless driver, in the handling of SoC (System on Chip) data-path statistics held in the ath11k_soc_dp_stats structure. The hal_reo_error array in that structure is sized DP_REO_DST_RING_MAX, but ath11k_dp_process_rx() indexed it with the REO destination SRNG ring ID. SRNG ring IDs are numbered differently from the normal (per-ring) IDs, so the index can exceed the array bound and the driver touches memory beyond the array. The result is undefined behaviour, including possible corruption of adjacent memory or a kernel crash. The fix changes ath11k_dp_process_rx() to index with the normal ring ID, which stays within the array bound. The fix was tested on Qualcomm QCN9074 hw1.0 hardware over PCI with the build string WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1. No exploits in the wild are reported as of the publication date (October 21, 2024). The affected range is Linux kernel versions containing commit d5c65159f2895379e11ca13f62feabe93278985d. Because the flaw is in a wireless driver, it affects systems using Qualcomm ath11k Wi-Fi chipsets, which are common in embedded and consumer devices running Linux. No CVSS score has been assigned, so severity has to be assessed from the technical details and the potential impact.
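An added C model of the index mismatch described above, not code from the ath11k driver: the array bound, the SRNG-ID offset and the srng_to_ring_id() mapping are assumed values chosen for illustration. The pre-fix path indexes hal_reo_error[] with an SRNG ring ID, which the bounds check rejects; the fixed path uses the normal ring ID and lands inside the array.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the bug class: the sizes and ring-ID numbering below
 * are assumptions for illustration, not values taken from the ath11k driver. */
#define DP_REO_DST_RING_MAX 4u    /* bound of hal_reo_error[] (assumed) */
#define REO_DST_SRNG_ID_BASE 16u  /* hypothetical offset of REO dst rings in SRNG numbering */

struct soc_dp_stats {
    unsigned int hal_reo_error[DP_REO_DST_RING_MAX];
    unsigned int neighbour;   /* field right after the array: what a wild write would hit */
};

/* Can idx safely address hal_reo_error[]? */
bool reo_index_in_bounds(unsigned int idx)
{
    return idx < DP_REO_DST_RING_MAX;
}

/* Hypothetical SRNG-to-normal ring ID mapping used by this model. */
unsigned int srng_to_ring_id(unsigned int srng_id)
{
    return srng_id - REO_DST_SRNG_ID_BASE;
}

/* Pre-fix pattern: index with the SRNG ring ID. The driver performed the
 * write unconditionally; here the out-of-range case is reported instead. */
int record_reo_error_by_srng_id(struct soc_dp_stats *s, unsigned int srng_id)
{
    if (!reo_index_in_bounds(srng_id)) {
        fprintf(stderr, "would write hal_reo_error[%u], bound is %u\n",
                srng_id, DP_REO_DST_RING_MAX);
        return -ERANGE;
    }
    s->hal_reo_error[srng_id]++;
    return 0;
}

/* Post-fix pattern: index with the normal ring ID, still bounds-checked. */
int record_reo_error_by_ring_id(struct soc_dp_stats *s, unsigned int ring_id)
{
    if (!reo_index_in_bounds(ring_id))
        return -EINVAL;
    s->hal_reo_error[ring_id]++;
    return 0;
}
```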
Potential Impact
For European organizations, this vulnerability mainly affects systems running Linux kernels with the affected ath11k driver and Qualcomm Wi-Fi chipsets. The likely impacts are system instability, kernel crashes, or denial of service caused by memory corruption from the out-of-bounds access. Direct remote exploitation is not documented, but because the flaw sits in a wireless driver it could be triggered by crafted wireless frames or network traffic, which would let an attacker within wireless range disrupt affected systems. This concerns critical infrastructure, enterprise networks, and IoT devices that rely on Linux with Qualcomm Wi-Fi hardware. Confidentiality and integrity impacts are unlikely unless the flaw is combined with other vulnerabilities, but availability could be significantly affected. Organizations with large fleets of Linux-based networking equipment, embedded devices, or industrial control systems using ath11k chipsets are at higher risk, particularly in sectors where wireless connectivity carries critical functions.
Mitigation Recommendations
1. Apply the official Linux kernel patches that fix the array out-of-bounds access in the ath11k driver as soon as they become available. Monitor Linux kernel mailing lists and vendor advisories for updates.
2. For organizations using distributions with backported fixes, ensure that the latest kernel updates are installed promptly.
3. Where possible, restrict wireless access to trusted networks and limit exposure to untrusted wireless environments to reduce the risk of exploitation.
4. Implement network segmentation to isolate critical systems using affected hardware from general wireless networks.
5. Monitor system logs and kernel messages for signs of instability or crashes related to the ath11k driver.
6. For embedded or IoT devices using Qualcomm ath11k chipsets, coordinate with device vendors to obtain firmware or kernel updates addressing this vulnerability.
7. Conduct wireless network security assessments to identify and mitigate potential attack vectors that could exploit this vulnerability.
8. Consider disabling or replacing affected wireless hardware in high-security environments if timely patching is not feasible.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-10-21T12:17:06.039Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9826c4522896dcbe0a3a
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/28/2025, 9:42:31 PM
Last updated: 7/31/2025, 6:42:46 PM