CVE-2024-49930: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49930 is a vulnerability in the Linux kernel's ath11k WiFi driver that was discovered and disclosed in October 2024. The vulnerability affects the array access in SoC stats functionality, specifically in the ath11kdpprocess_rx() function. The issue impacts multiple versions of the Linux kernel, including versions up to 5.10.227, 5.11 to 5.15.168, 5.16 to 6.1.113, 6.2 to 6.6.55, and 6.7 to 6.10.14 (NVD).

The vulnerability stems from an array out-of-bounds access issue in the SoC stats functionality. The ath11ksocdpstats::halreoerror array is defined with a maximum size of DPREODSTRINGMAX, but the ath11kdpprocessrx() function incorrectly accesses this array using the REO destination SRNG ring ID instead of the normal ring ID. This mismatch between SRNG ring ID and normal ring ID leads to out-of-bounds array access. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially allow an attacker with local access to cause out-of-bounds memory access, which could lead to system crashes, information disclosure, or potential code execution. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been fixed by modifying the ath11kdpprocessrx() function to use the normal ring ID directly instead of the SRNG ring ID. The fix has been implemented and tested on QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPLSILICONZ-1. Users should update their Linux kernel to the patched versions: beyond 5.10.227, 5.15.168, 6.1.113, 6.6.55, or 6.11.3 as appropriate for their system (Kernel Patch).