CVE-2024-56599: 
Linux Kernel vulnerability analysis and mitigation

A NULL pointer dereference vulnerability was discovered in the Linux kernel's ath10k WiFi driver (CVE-2024-56599). The issue occurs during the SDIO device removal process when running 'rmmod ath10k' command with CONFIGINITONFREEDEFAULT_ON enabled. The vulnerability was disclosed on December 27, 2024, affecting Linux kernel versions up to 6.12.5 (NVD).

The vulnerability is caused by an incorrect order of operations in the ath10ksdioremove() function. When the driver is being removed, it calls ath10kcoredestroy() before destroyworkqueue(), which leads to a NULL pointer dereference. This happens because wiphydevrelease() is called within ath10kcoredestroy(), which frees the cfg80211registereddevice structure and its members, including the workqueue pointer. When CONFIGINITONFREEDEFAULTON is enabled, the pointer is set to NULL, causing a kernel panic when destroy_workqueue() attempts to use it (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability results in a kernel panic, causing a denial of service condition on affected systems. The impact is limited to local attacks and requires privileged access to trigger the vulnerability by unloading the ath10k module (NVD).

The vulnerability has been patched by modifying the ath10ksdioremove() function to call destroyworkqueue() before ath10kcore_destroy(), ensuring proper cleanup order. The fix has been incorporated into Linux kernel version 6.12.5 and backported to affected stable kernels. Users should update their systems to a patched kernel version (Kernel Patch).