CVE-2024-49939: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49939 affects the Linux kernel's rtw89 WiFi driver. The vulnerability was discovered when a System Error Recovery (SER) L2 occurs during the WoWLAN (Wake-on-WLAN) resume flow, causing a double interface list addition that results in a kernel panic. The issue affects Linux kernel versions up to 6.6.55 and from 6.7 to 6.10.14, as well as versions from 6.11 to 6.11.3 (NVD).

The vulnerability occurs in the rtw89 WiFi driver's interface management code. When SER L2 happens during WoWLAN resume, the add interface flow is triggered by ieee80211reconfig(). Due to rtw89wow_resume() returning a failure, the add interface flow executes again, resulting in a double addition to the list and causing a kernel panic. The issue has been assigned a CVSS v3.1 base score of 5.5 MEDIUM (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD).

The vulnerability can cause a denial of service through a kernel panic when the affected system attempts to resume from WoWLAN mode. This affects system stability and availability, particularly in systems using the rtw89 WiFi driver (NVD).

The vulnerability has been patched by adding a check to prevent double adding of the interface to the list. The fix has been implemented in various Linux kernel versions through multiple patches. Users should update their Linux kernel to versions that include the fix (Kernel Patch).