CVE-2024-40912: 
Linux Kernel vulnerability analysis and mitigation

A deadlock vulnerability was discovered in the Linux kernel's mac80211 subsystem, identified as CVE-2024-40912. The issue occurs in the ieee80211stapsdeliverwakeup() function which synchronizes with ieee80211txhunicastpsbuf() using sta->pslock. The vulnerability was discovered in July 2024 and affects Linux kernel versions from 3.14 up to versions before 6.9.6 (NVD).

The vulnerability stems from improper locking mechanism implementation in the ieee80211stapsdeliverwakeup() function. The function uses spinlock() to acquire sta->pslock, but this doesn't prevent softirq execution on the same CPU. This allows ieee80211txhunicastps_buf() to run in softirq context and attempt to acquire the same lock, resulting in a deadlock condition. The issue manifests as an RCU stall, with symptoms including CPU lockup and system unresponsiveness. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a system deadlock when the affected code path is triggered, potentially causing a denial of service condition. This occurs due to CPU lockup when both the ieee80211stapsdeliverwakeup() function and softirq context attempt to acquire the same lock simultaneously (Kernel Patch).

The issue has been fixed by replacing spinlock() with spinlockbh() and spinunlock() with spinunlockbh() in the ieee80211stapsdeliverwakeup() function. This prevents softirq execution on the same CPU that is holding the lock, effectively preventing the deadlock condition. The fix has been implemented in various kernel versions through backported patches (Kernel Patch).