Описание
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k_htc: Abort software beacon handling if disabled
A malicious USB device can send a WMI_SWBA_EVENTID event from an
ath9k_htc-managed device before beaconing has been enabled. This causes
a device-by-zero error in the driver, leading to either a crash or an
out of bounds read.
Prevent this by aborting the handling in ath9k_htc_swba() if beacons are
not enabled.
A flaw was found in the Linux kernel's ath9k_htc Wi-Fi driver. A malicious Universal Serial Bus (USB) device can send a specific event (WMI_SWBA_EVENTID) before the Wi-Fi beaconing feature is enabled. This can lead to a critical error within the driver, potentially causing the system to crash (Denial of Service) or allowing an attacker to read sensitive information from memory (information disclosure).
Отчет
This flaw is being treated as a Moderate Impact flaw, which leads to a Denial Of Service threat with a normal user. This vulnerability could even lead to a kernel information leak problem with a special group access privilege.
Меры по смягчению последствий
To mitigate this issue, prevent the ath9k_htc kernel module from loading. This can be achieved by blacklisting the module.
Create a file named /etc/modprobe.d/blacklist-ath9k_htc.conf with the following content:
Then, regenerate the initramfs to apply the change:
A system reboot is required for this change to take effect. This mitigation will disable any functionality provided by the ath9k_htc module, which may impact WiFi connectivity if this specific hardware is in use.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Under investigation | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Under investigation | ||
| Red Hat Enterprise Linux 8 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fix deferred | ||
| Red Hat Enterprise Linux 9 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
6.4 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a device-by-zero error in the driver, leading to either a crash or an out of bounds read. Prevent this by aborting the handling in ath9k_htc_swba() if beacons are not enabled.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a device-by-zero error in the driver, leading to either a crash or an out of bounds read. Prevent this by aborting the handling in ath9k_htc_swba() if beacons are not enabled.
wifi: ath9k_htc: Abort software beacon handling if disabled
In the Linux kernel, the following vulnerability has been resolved: w ...
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a device-by-zero error in the driver, leading to either a crash or an out of bounds read. Prevent this by aborting the handling in ath9k_htc_swba() if beacons are not enabled.
EPSS
6.4 Medium
CVSS3