CVE-2024-58097: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's WiFi subsystem, specifically in the ath11k driver, has been identified and assigned CVE-2024-58097. The issue involves an RCU stall condition that occurs while reaping the monitor destination ring. This vulnerability was discovered and disclosed on April 16, 2025 (NVD).

The vulnerability occurs when processing the monitor destination ring, where MSDUs (MAC Service Data Units) are reaped from the link descriptor based on corresponding bufid. The driver sometimes fails to obtain a valid buffer for the bufid received from the hardware, resulting in an infinite loop in the destination processing. This leads to a kernel crash. The issue has been assigned a CVSS v3.1 score of 5.5 (Moderate) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and is classified as CWE-835 (Red Hat CVE).

The vulnerability results in a kernel crash due to an infinite loop in the destination processing, causing system instability and potential denial of service. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity (Red Hat CVE).

The issue has been resolved by modifying the code to skip problematic buf_id entries and proceed with the next MSDU processing, rather than breaking the loop. The fix has been tested on WCN6855 hw2.0 PCI and QCN9074 hw1.0 PCI hardware platforms (Debian Security).