{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38572", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.924Z", "datePublished": "2024-06-19T13:35:37.666Z", "dateUpdated": "2024-11-05T09:30:08.833Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:30:08.833Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix out-of-bound access of qmi_invoke_handler()\n\nCurrently, there is no terminator entry for ath12k_qmi_msg_handlers hence\nfacing below KASAN warning,\n\n ==================================================================\n BUG: KASAN: global-out-of-bounds in qmi_invoke_handler+0xa4/0x148\n Read of size 8 at addr ffffffd00a6428d8 by task kworker/u8:2/1273\n\n CPU: 0 PID: 1273 Comm: kworker/u8:2 Not tainted 5.4.213 #0\n Workqueue: qmi_msg_handler qmi_data_ready_work\n Call trace:\n dump_backtrace+0x0/0x20c\n show_stack+0x14/0x1c\n dump_stack+0xe0/0x138\n print_address_description.isra.5+0x30/0x330\n __kasan_report+0x16c/0x1bc\n kasan_report+0xc/0x14\n __asan_load8+0xa8/0xb0\n qmi_invoke_handler+0xa4/0x148\n qmi_handle_message+0x18c/0x1bc\n qmi_data_ready_work+0x4ec/0x528\n process_one_work+0x2c0/0x440\n worker_thread+0x324/0x4b8\n kthread+0x210/0x228\n ret_from_fork+0x10/0x18\n\n The address belongs to the variable:\n ath12k_mac_mon_status_filter_default+0x4bd8/0xfffffffffffe2300 [ath12k]\n [...]\n ==================================================================\n\nAdd a dummy terminator entry at the end to assist the qmi_invoke_handler()\nin traversing up to the terminator entry without accessing an\nout-of-boundary index.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ath/ath12k/qmi.c"], "versions": [{"version": "d889913205cf", "lessThan": "95575de7dede", "status": "affected", "versionType": "git"}, {"version": "d889913205cf", "lessThan": "b48d40f5840c", "status": "affected", "versionType": "git"}, {"version": "d889913205cf", "lessThan": "a1abdb63628b", "status": "affected", "versionType": "git"}, {"version": "d889913205cf", "lessThan": "e1bdff48a1bb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ath/ath12k/qmi.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.3", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/95575de7dede7b1ed3b9718dab9dda97914ea775"}, {"url": "https://git.kernel.org/stable/c/b48d40f5840c505b7af700594aa8379eec28e925"}, {"url": "https://git.kernel.org/stable/c/a1abdb63628b04855a929850772de97435ed1555"}, {"url": "https://git.kernel.org/stable/c/e1bdff48a1bb4a4ac660c19c55a820968c48b3f2"}], "title": "wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.824Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/95575de7dede7b1ed3b9718dab9dda97914ea775", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b48d40f5840c505b7af700594aa8379eec28e925", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a1abdb63628b04855a929850772de97435ed1555", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e1bdff48a1bb4a4ac660c19c55a820968c48b3f2", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38572", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:14:15.867309Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:56.056Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/95575de7dede7b1ed3b9718dab9dda97914ea775", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b48d40f5840c505b7af700594aa8379eec28e925", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a1abdb63628b04855a929850772de97435ed1555", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e1bdff48a1bb4a4ac660c19c55a820968c48b3f2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.824Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38572", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:14:15.867309Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:26.951Z"}}], "cna": {"title": "wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "d889913205cf", "lessThan": "95575de7dede", "versionType": "git"}, {"status": "affected", "version": "d889913205cf", "lessThan": "b48d40f5840c", "versionType": "git"}, {"status": "affected", "version": "d889913205cf", "lessThan": "a1abdb63628b", "versionType": "git"}, {"status": "affected", "version": "d889913205cf", "lessThan": "e1bdff48a1bb", "versionType": "git"}], "programFiles": ["drivers/net/wireless/ath/ath12k/qmi.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.3"}, {"status": "unaffected", "version": "0", "lessThan": "6.3", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.33", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.12", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9.3", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/wireless/ath/ath12k/qmi.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/95575de7dede7b1ed3b9718dab9dda97914ea775"}, {"url": "https://git.kernel.org/stable/c/b48d40f5840c505b7af700594aa8379eec28e925"}, {"url": "https://git.kernel.org/stable/c/a1abdb63628b04855a929850772de97435ed1555"}, {"url": "https://git.kernel.org/stable/c/e1bdff48a1bb4a4ac660c19c55a820968c48b3f2"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix out-of-bound access of qmi_invoke_handler()\n\nCurrently, there is no terminator entry for ath12k_qmi_msg_handlers hence\nfacing below KASAN warning,\n\n ==================================================================\n BUG: KASAN: global-out-of-bounds in qmi_invoke_handler+0xa4/0x148\n Read of size 8 at addr ffffffd00a6428d8 by task kworker/u8:2/1273\n\n CPU: 0 PID: 1273 Comm: kworker/u8:2 Not tainted 5.4.213 #0\n Workqueue: qmi_msg_handler qmi_data_ready_work\n Call trace:\n dump_backtrace+0x0/0x20c\n show_stack+0x14/0x1c\n dump_stack+0xe0/0x138\n print_address_description.isra.5+0x30/0x330\n __kasan_report+0x16c/0x1bc\n kasan_report+0xc/0x14\n __asan_load8+0xa8/0xb0\n qmi_invoke_handler+0xa4/0x148\n qmi_handle_message+0x18c/0x1bc\n qmi_data_ready_work+0x4ec/0x528\n process_one_work+0x2c0/0x440\n worker_thread+0x324/0x4b8\n kthread+0x210/0x228\n ret_from_fork+0x10/0x18\n\n The address belongs to the variable:\n ath12k_mac_mon_status_filter_default+0x4bd8/0xfffffffffffe2300 [ath12k]\n [...]\n ==================================================================\n\nAdd a dummy terminator entry at the end to assist the qmi_invoke_handler()\nin traversing up to the terminator entry without accessing an\nout-of-boundary index.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:30:08.833Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38572", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:30:08.833Z", "dateReserved": "2024-06-18T19:36:34.924Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-19T13:35:37.666Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix out-of-bound access of qmi_invoke_handler()\n\nCurrently, there is no terminator entry for ath12k_qmi_msg_handlers hence\nfacing below KASAN warning,\n\n ==================================================================\n BUG: KASAN: global-out-of-bounds in qmi_invoke_handler+0xa4/0x148\n Read of size 8 at addr ffffffd00a6428d8 by task kworker/u8:2/1273\n\n CPU: 0 PID: 1273 Comm: kworker/u8:2 Not tainted 5.4.213 #0\n Workqueue: qmi_msg_handler qmi_data_ready_work\n Call trace:\n dump_backtrace+0x0/0x20c\n show_stack+0x14/0x1c\n dump_stack+0xe0/0x138\n print_address_description.isra.5+0x30/0x330\n __kasan_report+0x16c/0x1bc\n kasan_report+0xc/0x14\n __asan_load8+0xa8/0xb0\n qmi_invoke_handler+0xa4/0x148\n qmi_handle_message+0x18c/0x1bc\n qmi_data_ready_work+0x4ec/0x528\n process_one_work+0x2c0/0x440\n worker_thread+0x324/0x4b8\n kthread+0x210/0x228\n ret_from_fork+0x10/0x18\n\n The address belongs to the variable:\n ath12k_mac_mon_status_filter_default+0x4bd8/0xfffffffffffe2300 [ath12k]\n [...]\n ==================================================================\n\nAdd a dummy terminator entry at the end to assist the qmi_invoke_handler()\nin traversing up to the terminator entry without accessing an\nout-of-boundary index.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath12k: corrige el acceso fuera de los l\u00edmites de qmi_invoke_handler() Actualmente, no hay ninguna entrada de terminador para ath12k_qmi_msg_handlers, por lo que se enfrenta a la siguiente advertencia de KASAN, ======== ==================================================== ======== ERROR: KASAN: global fuera de los l\u00edmites en qmi_invoke_handler+0xa4/0x148 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffffd00a6428d8 por tarea kworker/u8:2/1273 CPU: 0 PID: 1273 Comm: kworker /u8:2 No contaminado 5.4.213 #0 Cola de trabajo: qmi_msg_handler qmi_data_ready_work Rastreo de llamadas: dump_backtrace+0x0/0x20c show_stack+0x14/0x1c dump_stack+0xe0/0x138 print_address_description.isra.5+0x30/0x330 __kasan_report+0x16 c/0x1bc kasan_report+0xc /0x14 __asan_load8+0xa8/0xb0 qmi_invoke_handler+0xa4/0x148 qmi_handle_message+0x18c/0x1bc qmi_data_ready_work+0x4ec/0x528 Process_one_work+0x2c0/0x440 trabajador_thread+0x324/0x4b8 0x228 ret_from_fork+0x10/0x18 La direcci\u00f3n pertenece a la variable: ath12k_mac_mon_status_filter_default +0x4bd8/0xfffffffffffe2300 [ath12k] [...] ======================================= ============================ Agregue una entrada de terminador ficticia al final para ayudar a qmi_invoke_handler() a atravesar hasta la entrada del terminador sin acceder a un \u00edndice fuera de los l\u00edmites. Probado en: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1"}], "id": "CVE-2024-38572", "lastModified": "2024-06-20T12:44:01.637", "metrics": {}, "published": "2024-06-19T14:15:17.333", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/95575de7dede7b1ed3b9718dab9dda97914ea775"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a1abdb63628b04855a929850772de97435ed1555"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b48d40f5840c505b7af700594aa8379eec28e925"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e1bdff48a1bb4a4ac660c19c55a820968c48b3f2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()", "id": "2293421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293421"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: ath12k: fix out-of-bound access of qmi_invoke_handler()\nCurrently, there is no terminator entry for ath12k_qmi_msg_handlers hence\nfacing below KASAN warning,\n==================================================================\nBUG: KASAN: global-out-of-bounds in qmi_invoke_handler+0xa4/0x148\nRead of size 8 at addr ffffffd00a6428d8 by task kworker/u8:2/1273\nCPU: 0 PID: 1273 Comm: kworker/u8:2 Not tainted 5.4.213 #0\nWorkqueue: qmi_msg_handler qmi_data_ready_work\nCall trace:\ndump_backtrace+0x0/0x20c\nshow_stack+0x14/0x1c\ndump_stack+0xe0/0x138\nprint_address_description.isra.5+0x30/0x330\n__kasan_report+0x16c/0x1bc\nkasan_report+0xc/0x14\n__asan_load8+0xa8/0xb0\nqmi_invoke_handler+0xa4/0x148\nqmi_handle_message+0x18c/0x1bc\nqmi_data_ready_work+0x4ec/0x528\nprocess_one_work+0x2c0/0x440\nworker_thread+0x324/0x4b8\nkthread+0x210/0x228\nret_from_fork+0x10/0x18\nThe address belongs to the variable:\nath12k_mac_mon_status_filter_default+0x4bd8/0xfffffffffffe2300 [ath12k]\n[...]\n==================================================================\nAdd a dummy terminator entry at the end to assist the qmi_invoke_handler()\nin traversing up to the terminator entry without accessing an\nout-of-boundary index.\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1"], "name": "CVE-2024-38572", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38572\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38572\nhttps://lore.kernel.org/linux-cve-announce/2024061957-CVE-2024-38572-28d5@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.6.33, kernel 6.8.12, kernel 6.9.3, kernel 6.10-rc1"}