CVE-2024-57992: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: unregister wiphy only if it has been registered

There is a specific error path in probe functions in wilc drivers (both sdio and spi) which can lead to kernel panic, as this one for example when using SPI:

  Unable to handle kernel paging request at virtual address 9f000000 when read
  [9f000000] *pgd=00000000
  Internal error: Oops: 5 [#1] ARM
  Modules linked in: wilc1000_spi(+) crc_itu_t crc7 wilc1000 cfg80211 bluetooth ecdh_generic ecc
  CPU: 0 UID: 0 PID: 106 Comm: modprobe Not tainted 6.13.0-rc3+ #22
  Hardware name: Atmel SAMA5
  PC is at wiphy_unregister+0x244/0xc40 [cfg80211]
  LR is at wiphy_unregister+0x1c0/0xc40 [cfg80211]
  [...]
  wiphy_unregister [cfg80211] from wilc_netdev_cleanup+0x380/0x494 [wilc1000]
  wilc_netdev_cleanup [wilc1000] from wilc_bus_probe+0x360/0x834 [wilc1000_spi]
  wilc_bus_probe [wilc1000_spi] from spi_probe+0x15c/0x1d4
  spi_probe from really_probe+0x270/0xb2c
  really_probe from __driver_probe_device+0x1dc/0x4e8
  __driver_probe_device from driver_probe_device+0x5c/0x140
  driver_probe_device from __driver_attach+0x220/0x540
  __driver_attach from bus_for_each_dev+0x13c/0x1a8
  bus_for_each_dev from bus_add_driver+0x2a0/0x6a4
  bus_add_driver from driver_register+0x27c/0x51c
  driver_register from do_one_initcall+0xf8/0x564
  do_one_initcall from do_init_module+0x2e4/0x82c
  do_init_module from load_module+0x59a0/0x70c4
  load_module from init_module_from_file+0x100/0x148
  init_module_from_file from sys_finit_module+0x2fc/0x924
  sys_finit_module from ret_fast_syscall+0x0/0x1c

The issue can easily be reproduced, for example by not wiring correctly a wilc device through SPI (and so, make it unresponsive to early SPI commands). It is due to a recent change decoupling wiphy allocation from wiphy registration, however wilc_netdev_cleanup has not been updated accordingly, letting it possibly call wiphy unregister on a wiphy which has never been registered.

Fix this crash by moving wiphy_unregister/wiphy_free out of wilc_netdev_cleanup, and by adjusting error paths in both drivers
AI Analysis
Technical Summary
CVE-2024-57992 is a vulnerability identified in the Linux kernel specifically affecting the wilc1000 wireless driver used for Wi-Fi connectivity over SDIO and SPI interfaces. The flaw arises from improper handling of the wiphy (wireless physical device) unregistration process in error paths during device probe operations. A recent kernel change decoupled wiphy allocation from its registration, but the wilc_netdev_cleanup function was not updated accordingly. This oversight can cause the driver to attempt to unregister a wiphy device that was never registered, leading to a kernel panic due to an invalid memory access (kernel paging request at an unmapped virtual address). The vulnerability is reproducible by misconfiguring the wilc device, such as incorrect wiring on the SPI bus, causing the device to be unresponsive during initialization. The kernel panic manifests as an 'Oops' error on ARM architectures, with the crash trace pointing to the wiphy_unregister function within the cfg80211 subsystem. The impact is a denial of service (DoS) condition where the affected system crashes and requires a reboot. The fix involves moving the wiphy_unregister and wiphy_free calls out of wilc_netdev_cleanup and adjusting error handling paths to ensure unregistration is only called if the wiphy was successfully registered. This vulnerability affects Linux kernel versions containing the wilc1000 driver with the specified commit hashes and is relevant to embedded systems and devices using Atmel SAMA5 or similar ARM platforms with this Wi-Fi chipset. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
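The error-path pattern described above, as an added example that is not taken from the kernel or from the wilc1000 driver: a user-space C model in which the pre-fix probe runs one shared cleanup on every failure, while the fixed probe unwinds only the steps that completed. The model_* functions, the fail_at stages and the two counters are hypothetical stand-ins for the cfg80211 calls.

```c
/* User-space model of the probe error path; hypothetical names, not kernel code. */
#include <stdbool.h>
#include <stdlib.h>

struct model_wiphy { bool registered; };
enum fail_at { FAIL_NONE, FAIL_BUS, FAIL_LATE };  /* stage at which probe fails */
static int bad_unregisters;  /* unregister calls on a never-registered wiphy */
static int live_wiphys;      /* allocated and not yet freed */

static struct model_wiphy *model_alloc(void) {
    struct model_wiphy *w = calloc(1, sizeof(*w));
    if (w) live_wiphys++;
    return w;
}
static void model_register(struct model_wiphy *w) { w->registered = true; }
static void model_unregister(struct model_wiphy *w) {
    if (!w->registered) bad_unregisters++;  /* the case that crashed in wiphy_unregister */
    w->registered = false;
}
static void model_free(struct model_wiphy *w) { free(w); live_wiphys--; }

/* Pre-fix shape: every failure runs the same cleanup, which always unregisters. */
static struct model_wiphy *probe_before_fix(enum fail_at f) {
    struct model_wiphy *w = model_alloc();
    if (!w) return NULL;
    if (f != FAIL_BUS) model_register(w);  /* FAIL_BUS: device never answered */
    if (f == FAIL_NONE) return w;
    model_unregister(w);
    model_free(w);
    return NULL;
}

/* Fixed shape: unwind in reverse order, undoing only the steps that completed. */
static struct model_wiphy *probe_fixed(enum fail_at f) {
    struct model_wiphy *w = model_alloc();
    if (!w) return NULL;
    if (f == FAIL_BUS) goto free_wiphy;    /* allocated only: just free */
    model_register(w);
    if (f == FAIL_LATE) goto unregister;   /* registered: unregister, then free */
    return w;
unregister:
    model_unregister(w);
free_wiphy:
    model_free(w);
    return NULL;
}

int main(void) {
    probe_before_fix(FAIL_BUS); probe_fixed(FAIL_BUS); probe_fixed(FAIL_LATE);
    return (bad_unregisters == 1 && live_wiphys == 0) ? 0 : 1;
}
```

Only the pre-fix probe with an unresponsive bus increments bad_unregisters; neither version leaks the allocation.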
Potential Impact
For European organizations, the primary impact of CVE-2024-57992 is a potential denial of service on devices running vulnerable Linux kernels with the wilc1000 driver, particularly embedded systems or IoT devices using Atmel SAMA5 or similar ARM-based hardware. Such devices may be found in industrial control systems, telecommunications infrastructure, or specialized networking equipment. A kernel panic triggered by this vulnerability could disrupt critical services, cause operational downtime, and require manual intervention to restore functionality. While the vulnerability does not directly expose confidentiality or integrity risks, the availability impact can be significant in environments relying on continuous wireless connectivity. Organizations deploying Linux-based embedded devices in manufacturing, transportation, or smart city applications across Europe should be aware of this issue. The lack of known exploits reduces immediate risk, but the ease of triggering the kernel panic through misconfiguration or hardware faults means accidental or malicious disruption is plausible. This could affect service providers, critical infrastructure operators, and enterprises using custom Linux builds with the affected driver. The impact is more pronounced in sectors where embedded Linux devices are integral to operational technology (OT) networks.
Mitigation Recommendations
To mitigate CVE-2024-57992, European organizations should:
1) Identify and inventory all devices running Linux kernels with the wilc1000 driver, focusing on embedded and ARM-based systems.
2) Apply the latest Linux kernel patches that address this vulnerability, ensuring the fix that moves wiphy_unregister calls out of wilc_netdev_cleanup is included.
3) For devices where kernel updates are not immediately feasible, implement hardware-level checks to ensure correct wiring and stable SPI communication to prevent triggering the error path.
4) Monitor system logs for kernel panics or Oops messages related to wiphy_unregister or wilc1000 modules as early indicators of exploitation or misconfiguration.
5) Employ robust configuration management and testing procedures for embedded devices to detect and correct wiring or initialization issues before deployment.
6) Collaborate with device vendors to obtain updated firmware or kernel versions that incorporate the fix.
7) Consider network segmentation for embedded devices to limit the impact of potential DoS conditions on broader enterprise networks.
These steps go beyond generic advice by focusing on embedded device management, hardware validation, and proactive monitoring specific to the affected driver and platform.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-27T02:04:28.914Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9823c4522896dcbdec00
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 9:41:11 AM
Last updated: 8/12/2025, 3:40:25 AM