CVE-2024-50234: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: Clear stale interrupts before resuming device iwl4965 fails upon resume from hibernation on my laptop. The reason seems to be a stale interrupt which isn't being cleared out before interrupts are enabled. We end up with a race beween the resume trying to bring things back up, and the restart work (queued form the interrupt handler) trying to bring things down. Eventually the whole thing blows up. Fix the problem by clearing out any stale interrupts before interrupts get enabled during resume. Here's a debug log of the indicent: [ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000 [ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000 [ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio. [ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload [ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282 [ 12.052207] ieee80211 phy0: il4965_mac_start enter [ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff [ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready [ 12.052324] ieee80211 phy0: il_apm_init Init card's basic functions [ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S [ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm [ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm [ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK [ 12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations [ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up [ 12.058737] ieee80211 phy0: il4965_mac_start Start UP work done. [ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down [ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout [ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort [ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver [ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared [ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state [ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master [ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear. [ 12.058869] ieee80211 phy0: Hardware restart was requested [ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms. [ 16.132303] ------------[ cut here ]------------ [ 16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue. [ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev [ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143 [ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010 [ 16.132463] Workqueue: async async_run_entry_fn [ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132501] Code: da 02 00 0 ---truncated---
AI Analysis
Technical Summary
CVE-2024-50234 is a vulnerability identified in the Linux kernel's wireless driver stack, specifically affecting the Intel iwl4965 wireless chipset managed by the iwlegacy driver. The issue arises during the resume process from hibernation or suspend states. The root cause is the presence of stale interrupts that are not cleared before the device's interrupts are re-enabled upon resume. This leads to a race condition between the resume sequence attempting to reinitialize the device and the interrupt handler's restart work trying to shut it down. The conflict results in a failure of the wireless device to properly resume, causing hardware unavailability and potential system instability. The debug logs illustrate the sequence of events, showing the interrupt status, firmware reload attempts, and eventual timeout with a hardware restart request, followed by kernel warnings and errors. The fix involves clearing any stale interrupts before enabling interrupts during the resume process, preventing the race condition and ensuring stable device operation post-resume. This vulnerability is specific to the Linux kernel versions containing the affected iwlegacy driver code and the iwl4965 wireless chipset. It does not require user interaction or authentication to manifest, as it occurs during system power state transitions. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability primarily impacts systems using the affected Intel iwl4965 wireless chipset running Linux with the iwlegacy driver. The failure of wireless devices to resume correctly from hibernation or suspend can lead to loss of network connectivity, affecting productivity, remote access, and potentially critical operations relying on wireless communication. In environments where laptops or embedded devices use this chipset, users may experience system instability or require manual intervention to restore wireless functionality after resume. While this does not directly lead to remote code execution or privilege escalation, the denial of wireless service can disrupt business continuity, especially in sectors relying heavily on mobile computing such as finance, healthcare, and manufacturing. Additionally, the kernel warnings and hardware unavailability could complicate incident response or system monitoring. The impact is more operational and availability-focused rather than confidentiality or integrity. Since the vulnerability is triggered during system resume, it may affect devices frequently entering low power states, common in mobile and remote work scenarios prevalent across European enterprises.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions where this vulnerability is patched, ensuring the iwlegacy driver includes the fix that clears stale interrupts before enabling them on resume. System administrators should audit their device inventory to identify laptops and embedded systems using the Intel iwl4965 chipset and verify the kernel version in use. For devices that cannot be immediately updated, a temporary mitigation could involve disabling hibernation or suspend states to avoid triggering the vulnerability, though this impacts power management. Additionally, organizations should monitor system logs for related kernel warnings or hardware restart messages indicative of this issue. Incorporating this check into routine system health monitoring can help detect affected devices proactively. Where possible, migrating to newer wireless chipsets supported by actively maintained drivers can reduce exposure. Finally, coordinating with Linux distribution vendors for timely patch deployment and testing updates in controlled environments before wide rollout will minimize operational disruptions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2024-50234: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: Clear stale interrupts before resuming device iwl4965 fails upon resume from hibernation on my laptop. The reason seems to be a stale interrupt which isn't being cleared out before interrupts are enabled. We end up with a race beween the resume trying to bring things back up, and the restart work (queued form the interrupt handler) trying to bring things down. Eventually the whole thing blows up. Fix the problem by clearing out any stale interrupts before interrupts get enabled during resume. Here's a debug log of the indicent: [ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000 [ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000 [ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio. [ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload [ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282 [ 12.052207] ieee80211 phy0: il4965_mac_start enter [ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff [ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready [ 12.052324] ieee80211 phy0: il_apm_init Init card's basic functions [ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S [ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm [ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm [ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK [ 12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations [ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up [ 12.058737] ieee80211 phy0: il4965_mac_start Start UP work done. [ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down [ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout [ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort [ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver [ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared [ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state [ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master [ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear. [ 12.058869] ieee80211 phy0: Hardware restart was requested [ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms. [ 16.132303] ------------[ cut here ]------------ [ 16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue. [ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev [ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143 [ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010 [ 16.132463] Workqueue: async async_run_entry_fn [ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132501] Code: da 02 00 0 ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2024-50234 is a vulnerability identified in the Linux kernel's wireless driver stack, specifically affecting the Intel iwl4965 wireless chipset managed by the iwlegacy driver. The issue arises during the resume process from hibernation or suspend states. The root cause is the presence of stale interrupts that are not cleared before the device's interrupts are re-enabled upon resume. This leads to a race condition between the resume sequence attempting to reinitialize the device and the interrupt handler's restart work trying to shut it down. The conflict results in a failure of the wireless device to properly resume, causing hardware unavailability and potential system instability. The debug logs illustrate the sequence of events, showing the interrupt status, firmware reload attempts, and eventual timeout with a hardware restart request, followed by kernel warnings and errors. The fix involves clearing any stale interrupts before enabling interrupts during the resume process, preventing the race condition and ensuring stable device operation post-resume. This vulnerability is specific to the Linux kernel versions containing the affected iwlegacy driver code and the iwl4965 wireless chipset. It does not require user interaction or authentication to manifest, as it occurs during system power state transitions. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability primarily impacts systems using the affected Intel iwl4965 wireless chipset running Linux with the iwlegacy driver. The failure of wireless devices to resume correctly from hibernation or suspend can lead to loss of network connectivity, affecting productivity, remote access, and potentially critical operations relying on wireless communication. In environments where laptops or embedded devices use this chipset, users may experience system instability or require manual intervention to restore wireless functionality after resume. While this does not directly lead to remote code execution or privilege escalation, the denial of wireless service can disrupt business continuity, especially in sectors relying heavily on mobile computing such as finance, healthcare, and manufacturing. Additionally, the kernel warnings and hardware unavailability could complicate incident response or system monitoring. The impact is more operational and availability-focused rather than confidentiality or integrity. Since the vulnerability is triggered during system resume, it may affect devices frequently entering low power states, common in mobile and remote work scenarios prevalent across European enterprises.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions where this vulnerability is patched, ensuring the iwlegacy driver includes the fix that clears stale interrupts before enabling them on resume. System administrators should audit their device inventory to identify laptops and embedded systems using the Intel iwl4965 chipset and verify the kernel version in use. For devices that cannot be immediately updated, a temporary mitigation could involve disabling hibernation or suspend states to avoid triggering the vulnerability, though this impacts power management. Additionally, organizations should monitor system logs for related kernel warnings or hardware restart messages indicative of this issue. Incorporating this check into routine system health monitoring can help detect affected devices proactively. Where possible, migrating to newer wireless chipsets supported by actively maintained drivers can reduce exposure. Finally, coordinating with Linux distribution vendors for timely patch deployment and testing updates in controlled environments before wide rollout will minimize operational disruptions.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-10-21T19:36:19.975Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9824c4522896dcbdf5d7
Added to database: 5/21/2025, 9:08:52 AM
Last enriched: 6/28/2025, 1:12:18 PM
Last updated: 8/9/2025, 6:31:50 PM
Views: 21
Related Threats
CVE-2025-8690: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in addix Simple Responsive Slider
MediumCVE-2025-8688: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ebernstein Inline Stock Quotes
MediumCVE-2025-8685: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in emilien Wp chart generator
MediumCVE-2025-8621: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in odn Mosaic Generator
MediumCVE-2025-8568: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in prabode GMap Generator
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.