wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode

CVE	CVE-2024-58096
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2025-04-16 15:15:53 UTC
Updated	2026-04-06 13:39:28 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode ath11k_hal_srng_* should be used with srng->lock to protect srng data. For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(), they use ath11k_hal_srng_* for many times but never call srng->lock. So when running (full) monitor mode, warning will occur: RIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k] Call Trace: ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k] ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k] ? idr_alloc_u32+0x97/0xd0 ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k] ath11k_dp_service_srng+0x289/0x5a0 [ath11k] ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k] __napi_poll+0x30/0x1f0 net_rx_action+0x198/0x320 __do_softirq+0xdd/0x319 So add srng->lock for them to avoid such warnings. Inorder to fetch the srng->lock, should change srng's definition from 'void' to 'struct hal_srng'. And initialize them elsewhere to prevent one line of code from being too long. This is consistent with other ring process functions, such as ath11k_dp_process_rx(). Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.000870000 probability, percentile 0.249900000 (date 2026-04-07)

Problem Types: NVD-CWE-noinfo

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected d5c65159f2895379e11ca13f62feabe93278985d 27ca8004ba93a0665faa6d477eaeb551e03de6c8 git	Not specified
CNA	Linux	Linux	affected d5c65159f2895379e11ca13f62feabe93278985d 1d2178918efc928e11bed9631469ef79ff0a862a git	Not specified
CNA	Linux	Linux	affected d5c65159f2895379e11ca13f62feabe93278985d b85758e76b6452740fc2a08ced6759af64c0d59a git	Not specified
CNA	Linux	Linux	affected d5c65159f2895379e11ca13f62feabe93278985d 63b7af49496d0e32f7a748b6af3361ec138b1bd3 git	Not specified
CNA	Linux	Linux	affected 5.6	Not specified
CNA	Linux	Linux	unaffected 5.6 semver	Not specified
CNA	Linux	Linux	unaffected 6.6.123 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.69 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.14.2 6.14.* semver	Not specified
CNA	Linux	Linux	unaffected 6.15 * original_commit_for_fix	Not specified

Reference	Source	Link	Tags
git.kernel.org/stable/c/63b7af49496d0e32f7a748b6af3361ec138b1bd3	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/27ca8004ba93a0665faa6d477eaeb551e03de6c8	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/1d2178918efc928e11bed9631469ef79ff0a862a	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/b85758e76b6452740fc2a08ced6759af64c0d59a	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.