CVE-2024-43847

wifi: ath12k: fix invalid memory access while processing fragmented packets

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid memory access while processing fragmented packets The monitor ring and the reo reinject ring share the same ring mask index. When the driver receives an interrupt for the reo reinject ring, the monitor ring is also processed, leading to invalid memory access. Since monitor support is not yet enabled in ath12k, the ring mask for the monitor ring should be removed. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1

8.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.22%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575 patch
https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6 patch
https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 patch

Frequently Asked Questions

What is the severity of CVE-2024-43847?
CVE-2024-43847 has been scored as a high severity vulnerability.
How to fix CVE-2024-43847?
To fix CVE-2024-43847, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-43847 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-43847 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-43847?
CVE-2024-43847 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.