CVE-2024-57992

{"id": "CVE-2024-57992", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-27T02:15:13.210", "references": [{"url": "https://git.kernel.org/stable/c/1be94490b6b8a06ff14cd23fda8714e6ec37cdfb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c7115b8229f3e6cdfae43b1cdd180f5b6c67cd70", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: unregister wiphy only if it has been registered\n\nThere is a specific error path in probe functions in wilc drivers (both\nsdio and spi) which can lead to kernel panic, as this one for example\nwhen using SPI:\n\nUnable to handle kernel paging request at virtual address 9f000000 when read\n[9f000000] *pgd=00000000\nInternal error: Oops: 5 [#1] ARM\nModules linked in: wilc1000_spi(+) crc_itu_t crc7 wilc1000 cfg80211 bluetooth ecdh_generic ecc\nCPU: 0 UID: 0 PID: 106 Comm: modprobe Not tainted 6.13.0-rc3+ #22\nHardware name: Atmel SAMA5\nPC is at wiphy_unregister+0x244/0xc40 [cfg80211]\nLR is at wiphy_unregister+0x1c0/0xc40 [cfg80211]\n[...]\n wiphy_unregister [cfg80211] from wilc_netdev_cleanup+0x380/0x494 [wilc1000]\n wilc_netdev_cleanup [wilc1000] from wilc_bus_probe+0x360/0x834 [wilc1000_spi]\n wilc_bus_probe [wilc1000_spi] from spi_probe+0x15c/0x1d4\n spi_probe from really_probe+0x270/0xb2c\n really_probe from __driver_probe_device+0x1dc/0x4e8\n __driver_probe_device from driver_probe_device+0x5c/0x140\n driver_probe_device from __driver_attach+0x220/0x540\n __driver_attach from bus_for_each_dev+0x13c/0x1a8\n bus_for_each_dev from bus_add_driver+0x2a0/0x6a4\n bus_add_driver from driver_register+0x27c/0x51c\n driver_register from do_one_initcall+0xf8/0x564\n do_one_initcall from do_init_module+0x2e4/0x82c\n do_init_module from load_module+0x59a0/0x70c4\n load_module from init_module_from_file+0x100/0x148\n init_module_from_file from sys_finit_module+0x2fc/0x924\n sys_finit_module from ret_fast_syscall+0x0/0x1c\n\nThe issue can easily be reproduced, for example by not wiring correctly\na wilc device through SPI (and so, make it unresponsive to early SPI\ncommands). It is due to a recent change decoupling wiphy allocation from\nwiphy registration, however wilc_netdev_cleanup has not been updated\naccordingly, letting it possibly call wiphy unregister on a wiphy which\nhas never been registered.\n\nFix this crash by moving wiphy_unregister/wiphy_free out of\nwilc_netdev_cleanup, and by adjusting error paths in both drivers"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: wilc1000: anular el registro de wiphy solo si se ha registrado Hay una ruta de error espec\u00edfica en las funciones de sonda en los controladores wilc (tanto sdio como spi) que puede provocar un p\u00e1nico del kernel, como este, por ejemplo, cuando se usa SPI: No se puede manejar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual 9f000000 cuando se lee [9f000000] *pgd=00000000 Internal error: Oops: 5 [#1] ARM Modules linked in: wilc1000_spi(+) crc_itu_t crc7 wilc1000 cfg80211 bluetooth ecdh_generic ecc CPU: 0 UID: 0 PID: 106 Comm: modprobe Not tainted 6.13.0-rc3+ #22 Hardware name: Atmel SAMA5 PC is at wiphy_unregister+0x244/0xc40 [cfg80211] LR is at wiphy_unregister+0x1c0/0xc40 [cfg80211] [...] wiphy_unregister [cfg80211] from wilc_netdev_cleanup+0x380/0x494 [wilc1000] wilc_netdev_cleanup [wilc1000] from wilc_bus_probe+0x360/0x834 [wilc1000_spi] wilc_bus_probe [wilc1000_spi] from spi_probe+0x15c/0x1d4 spi_probe from really_probe+0x270/0xb2c really_probe from __driver_probe_device+0x1dc/0x4e8 __driver_probe_device from driver_probe_device+0x5c/0x140 driver_probe_device from __driver_attach+0x220/0x540 __driver_attach from bus_for_each_dev+0x13c/0x1a8 bus_for_each_dev from bus_add_driver+0x2a0/0x6a4 bus_add_driver from driver_register+0x27c/0x51c driver_register from do_one_initcall+0xf8/0x564 do_one_initcall from do_init_module+0x2e4/0x82c do_init_module from load_module+0x59a0/0x70c4 load_module from init_module_from_file+0x100/0x148 init_module_from_file from sys_finit_module+0x2fc/0x924 sys_finit_module from ret_fast_syscall+0x0/0x1c El problema se puede reproducir f\u00e1cilmente, por ejemplo, al no conectar correctamente un dispositivo wilc a trav\u00e9s de SPI (y, por lo tanto, hacer que no responda a los primeros comandos SPI). Se debe a un cambio reciente que desacopla la asignaci\u00f3n de wiphy del registro de wiphy, sin embargo, wilc_netdev_cleanup no se ha actualizado en consecuencia, lo que permite que posiblemente llame a la anulaci\u00f3n del registro de wiphy en un wiphy que nunca se ha registrado. Corrija este fallo moviendo wiphy_unregister/wiphy_free fuera de wilc_netdev_cleanup y ajustando las rutas de error en ambos controladores"}], "lastModified": "2025-10-23T17:54:44.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D4116B1-1BFD-4F23-BA84-169CC05FC5A3", "versionEndExcluding": "6.13.2", "versionStartIncluding": "6.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}