CVE-2024-46827: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46827 affects the Linux kernel's wifi subsystem, specifically the ath12k driver. The vulnerability was discovered when an access point receives an association request containing an Extended HE Capabilities Information Element with an invalid MCS-NSS, which triggers a firmware crash. This occurs when EHT-PHY capabilities shows support for a bandwidth and MCS-NSS set for that particular bandwidth is filled by zeros, causing the driver to obtain peer_nss as 0 and sending this value to firmware results in a crash (NVD).

The vulnerability exists in the Linux kernel's ath12k driver where insufficient validation of peer_nss (Number of Spatial Streams) value leads to firmware crashes. The issue manifests when the driver processes association requests containing Extended HE Capabilities Information Element with invalid MCS-NSS values. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause a firmware crash in affected systems, leading to a denial of service condition. The impact is primarily on system availability, with no direct impact on confidentiality or integrity (NVD).

The issue has been fixed in the Linux kernel by implementing a validation step for the peernss value before passing it to the firmware. The fix checks if the peernss value is greater than zero before forwarding it to the firmware. If the value is invalid, the association request is rejected to prevent firmware crashes. The fix has been applied to various kernel versions including 6.8.0-50.51 for Ubuntu 24.04 LTS (Ubuntu, Kernel Patch).