CVE-2024-58015
Published: 27 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Fix for out-of bound access error

Selfgen stats are placed in a buffer using print_array_to_buf_index() function. Array length parameter passed to the function is too big, resulting in possible out-of bound memory error. Decreasing buffer size by one fixes faulty upper bound of passed array.

Discovered in coverity scan, CID 1600742 and CID 1600758
Security Summary
CVE-2024-58015 is an out-of-bounds access vulnerability in the Linux kernel's ath12k WiFi driver. The issue arises when selfgen statistics are copied into a buffer using the print_array_to_buf_index() function, where the array length parameter exceeds the actual buffer size, potentially leading to an out-of-bounds memory read (CWE-125). This flaw was identified through Coverity static analysis scans (CID 1600742 and CID 1600758). The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), rated as High severity.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows the attacker to read sensitive data from kernel memory (high confidentiality impact) and potentially cause a denial of service through memory corruption (high availability impact), though integrity impact is none.
The provided kernel patch commits mitigate the issue by reducing the buffer size by one, correcting the faulty upper bound of the passed array. Relevant fixes are available at https://git.kernel.org/stable/c/8700c4bf8b7ed98037d2acf1eaf770ad6dd431d4 and https://git.kernel.org/stable/c/eb8c0534713865d190856f10bfc97cf0b88475b1; security practitioners should ensure affected Linux kernels are updated to include these changes.
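The bug class described above, as an added userspace example (not the ath12k driver's code and not part of the original advisory): a call site passes an element count one larger than the source array, and a helper that also receives the array's real capacity rejects the request instead of reading past the end. The names `print_array_checked`, `format_selfgen` and `sample_stats` and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample counters; hypothetical, not the driver's stats layout. */
static const uint32_t sample_stats[4] = { 10, 20, 30, 40 };

/*
 * Userspace model of an array-to-text helper. Formats `len` elements of
 * `arr` as " <index>:<value>," with labels starting at `start_idx`.
 * `cap` is the real element count of `arr`. Returns bytes written, or -1
 * if the request exceeds the array or the output does not fit in `buf`.
 */
static int print_array_checked(char *buf, size_t size, uint32_t start_idx,
                               const uint32_t *arr, size_t len, size_t cap)
{
    size_t off = 0;

    if (len > cap)              /* refuse to read past the source array */
        return -1;
    for (size_t i = 0; i < len; i++) {
        int n = snprintf(buf + off, size - off, " %u:%u,",
                         (unsigned)(start_idx + i), (unsigned)arr[i]);
        if (n < 0 || (size_t)n >= size - off)
            return -1;          /* output would be truncated */
        off += (size_t)n;
    }
    return (int)off;
}

/* Call site: `len` is what the caller claims the array holds. */
static int format_selfgen(size_t len, char *out, size_t out_size)
{
    return print_array_checked(out, out_size, 1, sample_stats, len,
                               ARRAY_LEN(sample_stats));
}

int main(void)
{
    char out[64];

    /* Correct bound: all four elements are formatted. */
    printf("%d\n", format_selfgen(ARRAY_LEN(sample_stats), out, sizeof(out)));
    /* Length one too large: rejected instead of reading sample_stats[4]. */
    printf("%d\n", format_selfgen(ARRAY_LEN(sample_stats) + 1, out, sizeof(out)));
    return 0;
}
```

Deriving the count from the array itself at the call site, rather than from a separately maintained constant, keeps the bound and the storage from drifting apart.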
Details
- CWE(s)