CVE-2024-49931: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49931 affects the Linux kernel's ath12k WiFi driver. The vulnerability was discovered in the array access mechanism of SoC stats, where the ath12ksocdpstats::halreoerror array is defined with a maximum size of DPREODSTRING_MAX. The issue was disclosed on October 21, 2024, and affects Linux kernel versions up to 6.6.55 and from 6.7 to 6.11.3 (NVD).

The vulnerability stems from an incorrect array access in the ath12kdprxprocess() function. The function incorrectly uses the REO destination SRNG ring ID to access the ath12ksocdpstats::halreoerror array, instead of the normal ring ID. Since SRNG ring IDs differ from normal ring IDs, this leads to out-of-bounds array access. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

The out-of-bounds array access vulnerability could potentially lead to memory corruption, which may result in system crashes, information leaks, or potential privilege escalation in the Linux kernel. This affects systems using the ath12k WiFi driver (NVD).

The vulnerability has been patched by modifying the ath12kdprxprocess() function to use the normal ring ID directly instead of the SRNG ring ID. The fix has been tested on QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPLSILICONZ-1. Users should update their Linux kernel to versions that include this patch (Kernel Patch).