CVE-2023-52776: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52776 affects the Linux kernel's ath12k WiFi driver. The vulnerability was discovered in the DFS-radar and temperature event handling code where active pdevs (physical devices) were protected by RCU (Read-Copy-Update) but certain sections calling ath12kmacgetarbypdevid() were not properly marked as read-side critical sections (Kernel Git).

The vulnerability stems from a locking issue in the Linux kernel's ath12k WiFi driver. The DFS-radar and temperature event handling code calls ath12kmacgetarbypdevid() without being marked as an RCU read-side critical section, potentially leading to use-after-free issues. The bug was introduced with the initial driver implementation for Qualcomm Wi-Fi 7 devices (Kernel Git).

The vulnerability could potentially lead to use-after-free issues in the kernel's WiFi subsystem. While the temperature event handler was noted to be primarily a placeholder, it could still trigger an RCU lockdep splat, which is a kernel debugging mechanism that detects locking rule violations (Kernel Git).

The issue has been fixed by marking the affected code sections as RCU read-side critical sections. The fix involves adding rcureadlock() and rcureadunlock() calls around the critical sections in both the DFS-radar and temperature event handlers (Kernel Git).