CVE-2024-49930
Published: Oct 21, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix array out-of-bound access in SoC stats Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() function access ath11k_soc_dp_stats::hal_reo_error using the REO destination SRNG ring ID, which is incorrect. SRNG ring ID differ from normal ring ID, and this usage leads to out-of-bounds array access. To fix this issue, modify ath11k_dp_process_rx() to use the normal ring ID directly instead of the SRNG ring ID to avoid out-of-bounds array access. Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected d5c65159f2895379e11ca13f62feabe93278985d - < 0f26f26944035ec67546a944f182cbad6577a9c0affected d5c65159f2895379e11ca13f62feabe93278985d - < 4dd732893bd38cec51f887244314e2b47f0d658faffected d5c65159f2895379e11ca13f62feabe93278985d - < 73e235728e515faccc104b0153b47d0f263b3344affected d5c65159f2895379e11ca13f62feabe93278985d - < 7a552bc2f3efe2aaf77a85cb34cdf4a63d81a1a7affected d5c65159f2895379e11ca13f62feabe93278985d - < 6045ef5b4b00fee3629689f791992900a1c94009+2 more versions |
Linux | Linux | affected 5.6unaffected 0 - < 5.6unaffected 5.10.227 - <= 5.10.*unaffected 5.15.168 - <= 5.15.*unaffected 6.1.113 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now